An IC card (6) has a card information memory area wherein there are written a master public key nA, card secret keys pU and qU, a card public key nU, a card identification number IDU, and a first master digital signature SA1 for information including the card identification number. An IC card terminal (2a, 2b) has terminal information memory area wherein there are written a master public key nA, terminal secret keys pT and qT, a terminal public key nT, a terminal identification number IDT, and a second master digital signature SA2 for information including the terminal identification number IDT. When inserted into the IC card terminal, the IC card sends thereto the data nU, IDU, and SA1. The IC card terminal verifies the digital signature SA1 by the master public key nA and, if it is valid, transmits the data nT, IDT and SA2 to the IC card. The IC card verifies the digital signature SA2 by the master public key nA and, if it is valid, transmits information corresponding to the current remainder value V to the IC card terminal. The IC card terminal makes a check to see if the received information corresponding to the remainder value V is appropriate, and if so, becomes enabled for providing a service.

BACKGROUND OF THE INVENTION

The present invention relates to a method and apparatus for settlement of accounts by IC cards which are used as prepaid cards or credit cards.

For instance, in an IC card which is used as a prepaid card, there is written the amount of money paid for its purchase, and before or after receiving a service the card user inserts the IC card into an IC card terminal, wherein the remaining value after subtracting the charge for the service from the initial value is transmitted to and written into the IC card.

In a conventional system of this kind, the IC card and the IC card terminal use the same cipher system and have the same secret key and communicate to each other the balance information enciphered by the common secret key. IC card and IC card terminal are designed so that such a secret key cannot be found nor can it be altered even if IC card terminal should be revealed to an outsider.

On the other hand, in the case of an IC card for use as a credit card, its identification number and other necessary information are preregistered and the user is allowed to receive his desired service when inserting the IC card into an IC card terminal and is charged for the service afterward. In a conventional IC credit card system, upon insertion of the IC card into the IC card terminal, the latter is connected online to a management center where IC card identification numbers and other user information are registered, then the user inputs his registration number and other required information by dialing, the thus input information is sent to the management center, wherein the user information registered in advance is used to verify the validity of the user. After the user's validity is thus proved, the user is allowed to receive his or her desired service at the IC card terminal.

Such an IC credit card system similarly adopts, with a view to providing increased security, a method in which: the IC card and the IC card terminal use the same cryptographic scheme and have the same secret key and they each authenticate the other's validity; a password input into the IC terminal is checked with its counterpart prestored in the IC card; the IC card identification number read out of the IC card is sent from the IC card terminal to the management center which has a data base of identification numbers and other information of IC cards; the IC card identification number is verified in the management center; the result of the verification is transmitted to the IC card terminal; and when the IC card identification thus checked in the management center is valid, the service specified by the card user starts through the IC card terminal. In some cases, the IC card and the management center each authenticate the other's validity directly through use of the same secret key.

The conventional methods mentioned above all call for communication between the management center and the IC card terminal and online processing for verification before or after the service is provided, and hence they have shortcomings that the management center facility is inevitably large-scale and that the charge for the service includes communication expenses. Moreover, the history of service can be stored in the management center or IC card but difficulty is encountered in proving that the stored contents are not false. Although it is almost impossible to falsify the stored contents of the IC card unless the secret key is let out, the secret key information in the IC card or IC card terminal is not perfectly protected and may in some cases leak out in a long time. In the case where the cryptographic scheme used is broken by third parties and many IC terminals are used by them, particularly in the event that IC cards and IC terminals are abused by unauthorized persons over a wide range, it is very difficult to change all of the secret keys at the same time; this poses a serious social problem as well-intentioned users cannot use their IC cards for a long period of time, for instance.

SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to provide a method and apparatus for the payment of charges by IC cards which eliminate the need for communication between the management center and the IC card terminal each time the card user inserts his IC card into the latter to receive his desired service and which permit detection of abuse of a forged IC card or intentionally altered IC card terminal.

In the method for the payment of charges by IC cards according to a first aspect of the present invention, the respective IC card has prestored in its memory means a master public key nA for verifying a master digital signature SA, a card identification number IDU for specifying the IC card and a first master digital signature SA1 for information containing at least the card identification number IDU, and the IC card terminal has prestored in its terminal memory the above-mentioned master public key nA, a terminal identification number IDT for specifying the IC card terminal and a second master digital signature SA2 for information including at least the above-mentioned terminal identification number IDT. This method includes:

a step wherein the IC card transmits at least the card identification number IDU and the first master digital signature SA1 to the IC card terminal;

a step wherein the IC card terminal verifies the validity of the first master digital signature SA1 through use of the master public key nA and the card identification number IDU received from the IC card;

a step wherein when the first master digital signature SA1 is valid, the IC card terminal transmits at least the terminal identification number IDT and the second master digital signature SA2 to the IC card;

a step wherein the IC card verifies the validity of the second master digital signature SA2 through use of the master public key nA and the terminal identification number IDT received from the IC card terminal; and

a step wherein when the second master digital signature SA2 is valid, the IC card terminal generates a value V corresponding to the charge for a service specified by the IC card after the service is provided.

In the method for the payment of charges by IC cards according to a second aspect of the present invention, the respective IC card has card information memory means wherein there are written, as card information, from a management center a card identification number IDU, a predetermined password setting number Ns, a second master digital signature SA2 for the password setting number Ns, a first master digital signature SA1 for information containing the card identification number IDU and the second master digital signature SA2, and an IC card terminal has terminal information memory means wherein there are written, as terminal information, from the management center a master public key nA for verifying the master digital signatures, terminal secret keys pT and qT for creating a terminal digital signature and a terminal public key nT for verifying the terminal digital signature. This method includes:

a step wherein the IC card transmits the card identification number IDU and the first and second master digital signatures SA1 and SA2 to the IC card terminal;

a step wherein the IC card terminal verifies the validity of the first master digital signature SA1 and, if it is valid, prompts the card user to input a password Nc* and transmits it to the IC card after it is input;

a step wherein the IC card matches the password Nc* received from the IC card terminal with the password Nc stored in the card information memory and, if they match, transmits an authentication signal to the IC card terminal; and

a step wherein upon receiving the authentication signal, the IC card terminal becomes enabled for providing a service, and after the service, the IC card terminal records information including a value V corresponding to the charge for the service rendered and the card identification number IDU received from the IC card, as usage/management information, in usage/management information memory means.

According to a third aspect of the present invention, the IC card includes:

card information memory means for recording a master public key nA for verifying a master digital signature SA created using master secret keys pA and qA, a card identification number IDU for specifying or identifying the IC card, card secret keys pU and qU for creating a digital signature, a card public key nU for verifying the digital signature, and a first master digital signature SA1 for information containing the card identification number IDU and the card public key nU, the first master digital signature SA1 being created using the master secret keys pA and qA;

means for transmitting the card identification number IDU, the card public key nU and the first master digital signature SA1 to the IC card terminal;

means which receives a terminal identification number IDT, a terminal public key nT and a second master digital signature SA2 from the IC card terminal, verifies the second master digital signature SA2 through use of the master public key nA recorded in the card information memory means and, if it is valid, transmits to the IC card terminal an authentication signal which enables it for providing a service; and

usage information memory means for recording usage information including the remaining value V updated by subtracting the charge for the service rendered.

According to a fourth aspect of the present invention, the IC card terminal includes:

memory means for recording a master public key nA for verifying a master digital signature SA created using master secret keys pA and qA, a terminal identification number IDT for identifying the IC card terminal, terminal secret keys pT and qT for creating a terminal digital signature, a terminal public key nT for verifying the terminal digital signature and a second master digital signature SA2 for information including the terminal identification number IDT and the terminal public key nT, the second master digital signature SA2 being created using the master secret keys pA and qA;

means for transmitting the terminal public key nT, the terminal identification number IDT and the second master digital signature SA2 to an IC card;

means which receives a card identification number IDU, a card public key nU and a first master digital signature SA1 from the IC card, verifies the first master digital signature through use of the master public key recorded in the memory means and, if it is valid, enables the IC card terminal for providing a service; and

means which updates remaining value through use of the charge for the service rendered and transmits to the IC card usage information including the updated remaining value.

A digital signature scheme capable of proving that a person who transmitted digital information acknowledged it, just like he puts his seal to a document, is already established as disclosed in, for example, "ESIGN: An Efficient Digital Signature Scheme," NTT R&D Vol. 40, No. 5, 1991, pp687-686, or U.S. Patent No. 4,625,076. According to the digital signature scheme, a document M and a secret key Q are used and a digital signature S(M) is created using a signature creating function, then the signature S(M) and the document M are transmitted to the other party. The other party performs a computation by substituting the received document M and signature S(M) and a public key U into a signature verifying function. If the computed result satisfies predetermined conditions, then it is verified that the digital signature S(M) was attached to the document M by a person having the secret key Q, and he cannot deny the fact. In this instance, the Q and U are different prime numbers of extremely large values (that is, Q ≠ U), and this scheme features a mathematical property that the value Q cannot be computed even if the value of U is known. Furthermore, even if slightly altered, the document can be proved invalid. It is set forth in the above-noted literature that these digital signature functions could be executed within a practical processing time on the scale of a program mountable on IC cards, through utilization of an algorithm called ESIGN.

Other digital signature schemes applicable to the present invention are an ElGamal scheme (T. ElGamal: A public key cryptosystem and a signature scheme based on discrete logarithms. Proc. of Crypto '84, 1984), a DSA (Digital Signature Algorithm, made public by the National Institute of Standards and Technology of the U.S. Department of Commerce) scheme, and a Micali-Shamir scheme (S. Micali and A. Shamir: An improvement of the Fiat-Shamir identification and signature scheme. Proc. of Crypto '88, pp244-247, 1988), for instance.

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a block diagram illustrating the system configuration of an embodiment of the present invention;
Fig. 2 is a block diagram showing an example of the configuration of an IC card terminal;
Fig. 3 is a block diagram showing an example of the configuration of an IC card;
Fig. 4A is a diagram showing processing of a management center for setting the IC card terminal;
Fig. 4B is a diagram showing processing of an IC card dispenser when dispensing the IC card;
Fig. 4C is a diagram showing procedures between the IC card and the IC card dispenser for dispensing and recharging the latter;
Fig. 5 is a diagram showing procedures between the IC card and the IC card terminal;
Fig. 5A is a functional block diagram of the IC card in the embodiment of Fig. 5;
Fig. 5B is a functional block diagram of the IC card terminal in the embodiment of Fig. 5;
Fig. 6 is a diagram showing another example of the procedure between the IC card and the IC card terminal;
Fig. 7 is a diagram showing, by way of example, procedures between the IC card, the IC card terminal and the management center at the time of writing amount-of-money information into the IC card;
Fig. 8 is a block diagram showing the distribution of encrypting keys for cipher communication between the IC card, the IC card terminal, the IC card dispenser and the management center;
Fig. 9 is a diagram showing the payment of charges by the IC card according to another embodiment of the present invention;
Fig. 10 is a diagram illustrating a modified form of the Fig. 5 embodiment which utilizes a time stamp;
Fig. 11 is a diagram showing a time stamp updating algorithm;
Fig. 12 is a diagram illustrating a modification of the Fig. 10 embodiment which employs random numbers;
Fig. 13 is a diagram showing procedures for registering a password in an IC card applied to a credit card, by use of the IC card terminal;
Fig. 14 is a diagram showing procedures for receiving a service by use of the IC card with the password registered therein by the process depicted in Fig. 13;
Fig. 15 is a diagram showing another example of the password registration procedure;
Fig. 16 is a diagram showing procedures for receiving a service by use of an IC card with the password registered therein by the process depicted in Fig. 15; and
Fig. 17 is a diagram illustrating another embodiment of procedures for receiving a service by use of an IC card applied to a credit card.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

In Fig. 1 there is illustrated in block form an example of the configuration of a card system for making the payment of charges through use of an IC card according to the present invention. IC card terminals 2a, 2b, ... perform processing for the payment of charges for services rendered to an IC card 6. For example, when the IC card 6 is a prepaid telephone card, the IC card terminals 2a, 2b, ... provide service by telephone. The IC card terminals 2a, 2b, ..., when installed, are each connected via a communication network 3 to a management center 4 which sets and holds security information under its control. In the following description the IC card terminals will be indicated generally by a numeral 2 except when a particular one of them is intended. The IC card 6 has initial data written by the IC card dispenser 5 when it is issued, and security information necessary for the IC card 6 is provided from the management center 4. Incidentally, in the case where some functions of the management center 4 are mounted on a portable telephone terminal or the like so that they are brought to the place where the IC card terminal 2 is located, the IC card terminal 2 need not always be connected via the communication network 3 to the management center 4 when it is installed.

Fig. 2 illustrates an example of the internal configuration of the IC card terminal 2 and Fig. 3 an example of the internal configuration of the IC card 6. The IC card terminal 2 comprises an IC card reader/writer 11 which reads and writes the IC card 6 inserted thereinto, function buttons 12 as of a keyboard, a display 13, a telephone controller 14, a network interface 15 for processing communication via the communication network 3, a handset 16 and a speech circuit 17.

In the IC card 6 there are stored in a ROM 61 programs for IC card procedures, digital signature creating and verifying algorithms and so forth, and a CPU 63 controls the entire processing of the IC card while utilizing a RAM 62 as a work area and communicates with the IC card reader/writer 11 of the IC card terminal 2 via an I/O interface 65 and contacts 66.

Fig. 4A shows the process that is performed when the IC card terminal 2 is installed. The IC card terminal 2 receives from the management center 4 such pieces of terminal information as listed below when it is installed.

(1) Master public key nA for verifying a master digital signature of the management center 4;

(2) Terminal secret keys pT and qT for the IC card terminal 2 to create a digital signature;

(3) Terminal public key nT for verifying the digital signature of the IC card terminal 2;

(4) Terminal identification number IDT for identifying the IC card terminal 2; and

(5) Master digital signature SA(nT*IDT) by the management center for the terminal public key nT and the terminal identification number IDT, where the symbol "*" represents concatenation; for example, 001*0101 = 0010101.
After receiving these pieces of information, the IC card terminal 2 verifies the validity of the master digital signature SA(nT*IDT) through use of the terminal public key nT, the terminal identification number IDT and the master public key nA, and if the master digital signature SA(nT*IDT) is valid, then the IC card terminal 2 records these pieces of information in a terminal information area 2M1 of a memory in the telephone controller 14. No description will be given of the method for verifying the digital signature, because it is disclosed in the afore-noted various digital signature schemes. As described previously, the verification of the digital signature S(M) generally calls for an unsigned full document M and a public key for verification use, but in the following description there are cases where a simplified description, "the digital signature is verified using the public key" or "digital signature is verified" is used.

Incidentally, the management center 4 has set therein its master secret keys pA and qA and has functions of creating a different terminal identification number IDT for each IC card terminal 2 and the terminal public key nT and the terminal secret keys pT and qT corresponding to the terminal identification number IDT.

It is preferable that the terminal secret keys pT and qT be recorded in the terminal information area 2M1 in the IC card terminal 2 which is not easily accessible from the outside, for example, in a RAM of a one-chip CPU or battery backup RAM of a construction wherein the power supply from the battery is cut off when the IC card terminal 2 is abused.

In Fig. 4B there is shown the process that is performed by the IC card dispenser 5 when it issues the IC card 6. The IC card 6 receives from the IC card dispenser 5 such pieces of card information listed below that need to be held in the IC card 6. These pieces of information are provided in advance from the management center 4 to the IC card dispenser 5.

(1) Master public key nA for verifying the master digital signature of the management center 4;

(2) Card secret keys pU and qU for the IC card 6 to create its digital signature;

(3) Card public key nU for verifying the digital signature of the IC card 6;

(4) Card identification number IDU for identifying the IC card 6;

(5) Master digital signature SA(nU*IDU) of the management center 4 for the card public key nU and the card identification number IDU.

After receiving these pieces of card information, the IC card 6 verifies the validity of the master digital signature SA(nU*IDU) through use of the master public key nA and, if it is valid, the IC card 6 records these pieces of card information in a predetermined area (hereinafter referred to as a card information area) 6M1 in an EEPROM 64. Since the EEPROM 64 in the IC card 6 usually is not directly accessible from the outside, these pieces of card information cannot be read out to the outside of the IC card unless a predetermined procedure is executed. In particular, the card secret keys pU and qU need not be read out to the outside of the IC card 6 after once recorded therein, and hence they may preferably be held unreadable. In the process shown in Fig. 4B an amount of money is not yet written into the IC card 6.

The management center 4 has functions of creating a different card identification number IDU for each IC card and the card public key nU and the card secret keys pU and qU corresponding to the IC card identification number IDU.

Fig. 4C shows processing for writing into the IC card 6 the amount of money prepaid therefor when it is a prepaid card. The procedure shown in Fig. 4C is used for initial issuing of the IC card 6 and recharging an amount of money into the IC card 6 when no money is left over.

The IC card 6 transmits to the IC card dispenser 5 the public key nU, the identification number IDU and the master digital signature SA(nU*IDU) which it read out of the card information area 6M1. The IC card dispenser 5 verifies the master digital signature SA(nU*IDU) by the master public key nA preset therein and, if valid, recognizes that the IC card is valid. In this instance, the IC card dispenser 5 transmits to the IC card 6 a master digital signature SA(V*IDU) for a prepaid amount of money V (i.e. an initial value of the remainder) and the card identification number IDU and the amount of money V, provided from the management center 4, and an IC card dispenser identification number IDC preset in the IC card dispenser 5. The IC card 6 verifies the master digital signature SA(V*IDU) by the master public key nA and, if valid, records these pieces of information in a usage information area 6M2 of the EEPROM 64 in the IC card 6.

It is also possible to employ a system configuration in which, for each IC card issuing process, the IC card dispenser 5 is connected online to the management center 4 to transmit thereto the IC card identification number IDU and the value V received from the IC card 6 and the IC card dispenser 5 receives, in turn, the master digital signature SA(V*IDU) of the management center 4. Alternatively, these pieces of information may be prestored in the IC card dispenser 5.

Fig. 5 shows processing for the card user to receive a service from the IC card terminal 2 by use of the IC card 6 which is a prepaid card. Figs. 5A and 5B show functional blocks of the IC card 6 and the IC card terminal 2. In this case, however, random generating parts 6C and 2C are shown corresponding to an embodiment described later in respect of Fig. 6. In the usage information area 6M2 of the EEPROM 64 in the IC card 6 there are recorded, as card usage information, the initial value V, master digital signature SA(V*IDU) and card dispenser identification number IDC. When the user inserts the IC card 6 into the IC card reader/writer 11 of the IC card terminal 2, the card public key nU, the card identification number IDU and the master digital signature SA(nU*IDU) are sent from the IC card 6 to the IC card terminal 2.

The IC card terminal 2 verifies the master digital signature SA(nU*IDU) by the master public key nA in a verifying part 2A (Fig. 5B) and, if valid, sends via a transmitting/receiving part 2E to the IC card 6 the pieces of terminal information nT, IDT and SA(nT*IDT) read out of the terminal information area 2M1. The IC card 6 receives these pieces of terminal information via a transmitting/receiving part 6D and verifies the validity of the master digital signature SA(nT*IDT). If it is valid, then the remaining value V, the identification number IDC and the master digital signature SA(V*IDU), which are pieces of card usage information read out of the usage information area 6M2 of the memory 64 in the IC card 6, and a digital signature SU(V) of the IC card, which is generated for the value V in a digital signature creating part 6B through use of the card secret keys pU and qU, are sent to the IC terminal 2.

The IC card terminal 2 verifies the received digital signature SU(V) by the card public key nU and the value V in the verifying part 28. If it is valid, then the IC terminal 2 further checks the master digital signature SA(V*IDU) by the pieces of information nA, V and IDU to ensure that the value V has not been falsified, after which the IC terminal 2 displays the remaining value V of the IC card 6 on a display 13. While referring to the guidance provided on the display 13, the user specifies his desired service by pressing the function buttons 12. The IC card terminal 2 reads out the charge for the thus specified service from a list prestored in a memory of the telephone controller 14 or accesses the communication network 3 and receives the necessary service charge information via the network interface 15 from the communication network 3 or a service center (not shown). The IC card terminal 2 compares the charge for the service (hereinafter referred to as a service charge) v and the remaining value V and, when the latter is larger than the former, the IC card terminal 2 begins to provide the specified service. For example, in the case of a telephone service, when the value V is 10 yen or more, the IC card terminal 2 provides a prompt on the display 13 for input of the telephone number of a subscriber to be called and originates a call as the user dials the number.

In the above, when any one of the digital signatures is found invalid through verification, the IC card terminal 2 stops processing at that point and ejects or returns the IC card 6 to the user.

After completion of the service or call, the telephone controller 14 of the IC card terminal 2 (a remaining value updating part 2D in Fig. 5B) subtracts the service charge v (prestored in the memory of the telephone controller 14 or transmitted from the communication network 3 or service center) from the remaining value V to obtain a new remaining value V', after which the telephone controller 14 creates, in its digital signature creating part 2B, a terminal digital signature ST(V'*IDU) for the value V' and the card identification number IDU through use of the terminal private keys pT and qT. Then the IC card terminal 2 sends the value V' and the digital signature ST(V'*IDU) to the IC card 6.

The IC card 6 verifies the received digital signature ST(V'*IDU) by the public key nT in the verifying part 6A and, if it is valid, records the remaining value V' and the other pieces of information nT, IDT, SA(nT*IDT) and ST(V'*IDU) received from the IC card terminal 2, as card usage information, in the usage information area 6M2 of the EEPROM 64, erasing the previous card usage information. That is, the card usage information in the usage information area 6M2 is updated as indicated by the arrow in Fig. 5.

It is also possible to employ a configuration in which in the case of updating the usage information area 6M2 in the EEPROM 64 of the IC card 6 with the current card usage information including the new remaining value V' received from the IC card terminal 2, the current remaining value V' is compared with the previous remaining value V in the usage information area 6M2 and if the latter is greater than the former, then the new remaining value V' is regarded as abnormal or invalid. When such an abnormality is detected, the usage information area 6M2 of the IC card 6 is not updated but instead a code representing the abnormality detection is written into the IC card 6 to prevent its further use. This prevents the remaining value of the IC card 6 from being raised by altering the IC card terminal 2. Upon completion of the updating of the usage information area 6M2, authentication information (OK) representing it is sent to the IC card terminal 2.

In this embodiment, when either one of the digital signatures SA and ST is abnormal, the remaining value is not updated but instead the abnormal contents of the IC card are recorded in a code form.



Since the IC card 6 and the IC card terminal 2 transmit to and receive from each other their identification numbers appended with the master digital signature of the management center as mentioned above, even if the transmitted and received contents are falsified by altering the IC card 6 or IC card terminal 2, the abuse can be detected by the verification of the digital signature at the receiving side. Moreover, even if the contents of the IC card could be copied to another IC card using a stolen IC card terminal, the falsification of the master digital signature of the management center for the card identification number is so difficult that there is no choice but to copy it; hence, such a copy can be checked by acquiring data of the abused IC card.

In Fig. 6 there are shown procedures for providing increased security against wire tapping of communication between the IC card 6 and the IC card terminal 2 through use of random numbers in the procedure of sending the remaining value V from the former to the latter.

When the IC card terminal 2 recognizes the validity of the IC card 6 inserted thereinto, by verifying the master digital signature SA(nU*IDU) received from the IC card 6 as described above with respect to Fig. 5, the IC card terminal 2 generates a random number R in a random generating part 2C (Fig. 5B) and sends it to the IC card 6 together with the pieces of information nT, IDT and SA(nT*IDT). The IC card 6 verifies the master digital signature SA(nT*IDT) by the master public key nA and the received pieces of information nT and IDT. When the master digital signature is valid, the IC card 6 generates a random number X in a random generating part 6C (Fig. 5A) and creates a digital signature SU(R*X*V) of the IC card 6 for the random number R, the random number X and the remaining value V by use of the card secret keys pU and qU and then sends the thus created digital signature to the IC card terminal 2 together with the random number X and the pieces of card usage information V, SA(V*IDU) and IDC read out of the usage information area 6M2.

The IC card terminal 2 checks the master digital signature SA(V*IDU) to ensure that the remaining value V was provided from a valid terminal (including an IC card dispenser) to the IC card 6. Furthermore, the IC card terminal 2 verifies the digital signature SU(R*X*V) through use of the received X, V, the card public key nU and the previously generated random number R to ensure that the remaining value V is one that was received from the valid IC card 6. Then the IC card terminal 2 permits the start of the service specified by the card user.

Upon completion of the service, the IC card terminal 2 generates a digital signature ST(R*X*V'*IDU) for a new remaining value V', the card identification number IDU and the random numbers R and X and sends it to the IC card 6 together with the new remaining value V'. The IC card 6 verifies the digital signature ST(R*X*V'*IDU) by the pieces of information IDU, R, X, V' and nT to ensure that the remaining value V' is valid, thereafter updating the usage information area 6M2 with all the pieces of information received from the IC card terminal 2.

With such a configuration, the random numbers R and X take different values for each use of the IC card, and consequently, the digital signatures SU and ST also change. Hence, even if an outsider intercepts signals between the IC card 6 and the IC card terminal 2 and sends to the latter the same signals as those intercepted without using any IC card, the signals do not match because of different random numbers; therefore, wrong manipulation can be prevented. Moreover, even if the intercepted signals are sent by some means to the IC card 6 in the process of updating the remaining value, the signals do not match, and hence such wrong manipulation can be prevented.
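The Fig. 6 exchange as an added sketch, not code from the patent: R and X are bound into SU(R*X*V) and ST(R*X*V'*IDU), so recorded messages fail in any later session, and the card refuses a signed update that would raise its stored value, the purpose stated for the comparison described earlier. Textbook RSA over small constructed primes stands in for the patent's signature scheme, which this excerpt does not specify; all class and function names are assumptions, and the master signature checks are taken as already passed.

```python
import hashlib
import secrets

E = 65537  # public exponent of the toy scheme


def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(fields, n):
    # "*" joins the fields, mirroring the concatenation written R*X*V in the text.
    msg = "*".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(fields, n, d):
    return pow(_digest(fields, n), d, n)


def verify(fields, sig, n):
    return pow(sig, E, n) == _digest(fields, n)


class Terminal:
    def __init__(self):
        # Constructed demo key (Mersenne primes); far too weak for real use.
        self.n, self._d = make_key(2**107 - 1, 2**61 - 1)
        self._r = self._session = None

    def challenge(self):
        """Fresh R for every card insertion."""
        self._r, self._session = secrets.randbits(64), None
        return self._r

    def accept(self, x, v, su, n_u):
        """Check SU(R*X*V) against the R issued for this insertion only."""
        r, self._r = self._r, None
        if r is None or not verify((r, x, v), su, n_u):
            return False
        self._session = (r, x)
        return True

    def settle(self, new_value, idu):
        """ST(R*X*V'*IDU) for the new remaining value V'."""
        r, x = self._session
        return sign((r, x, new_value, idu), self.n, self._d)


class Card:
    def __init__(self, idu, value):
        self.idu, self.value, self.blocked = idu, value, False
        self.n, self._d = make_key(2**127 - 1, 2**89 - 1)  # constructed demo key
        self._pending = None

    def respond(self, r):
        """Pick X and return (X, V, SU(R*X*V))."""
        x = secrets.randbits(64)
        self._pending = (r, x)
        return x, self.value, sign((r, x, self.value), self.n, self._d)

    def update(self, new_value, st, n_t):
        """Accept V' only with a valid ST(R*X*V'*IDU) bound to this session."""
        if self.blocked or self._pending is None:
            return "REJECTED"
        (r, x), self._pending = self._pending, None
        if not verify((r, x, new_value, self.idu), st, n_t):
            return "REJECTED"
        if new_value > self.value:
            self.blocked = True  # abnormality code: the card refuses further use
            return "BLOCKED"
        self.value = new_value
        return "OK"


def demo():
    card, term = Card(idu=1001, value=500), Terminal()

    # 1. Normal session: 120 units are charged.
    x, v, su = card.respond(term.challenge())
    accepted = term.accept(x, v, su, card.n)
    st = term.settle(v - 120, card.idu)
    first = card.update(v - 120, st, term.n)

    # 2. The recorded card message is presented again in a new session.
    term.challenge()
    replay_to_terminal = term.accept(x, v, su, card.n)

    # 3. The recorded terminal message is presented to the card in a new session.
    card.respond(term.challenge())
    replay_to_card = card.update(v - 120, st, term.n)

    # 4. A validly signed update that would raise the stored value.
    x2, v2, su2 = card.respond(term.challenge())
    term.accept(x2, v2, su2, card.n)
    raised = card.update(v2 + 1000, term.settle(v2 + 1000, card.idu), term.n)

    return accepted, first, replay_to_terminal, replay_to_card, raised, card.value


if __name__ == "__main__":
    print(demo())
```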

Fig. 7 shows procedures which provide increased security through use of random numbers at the time of writing the prepaid value into the IC card 6 when it is initially issued or recharged. It is assumed here that the IC card dispenser 5 and the management center 4 are connected online as shown in Fig. 1.

When inserted into the IC card dispenser 5, the IC card 6 sends thereto the card public key nU, the card identification number IDU and the master digital signature SA(nU*IDU). The IC card dispenser 5 verifies the validity of the master digital signature SA(nU*IDU) by the master public key nA to ensure that the IC card is valid. Then the IC card dispenser 5 generates a random number Y and sends it to the IC card 6 together with the amount information V and the dispenser identification number IDC.

The IC card 6, in turn, generates the random number X and then generates a digital signature SU(Y*X*V) for the random numbers Y and X and the amount information V, thereafter sending it to the IC card dispenser 5 together with the random number X.

The IC card dispenser 5 verifies, in turn, the digital signature SU(Y*X*V) by the card public key nU and, if it is valid, transmits the random numbers X and Y, the amount information V and the card identification number IDU to the management center 4.

The management center 4 generates a master digital signature SA(Y*X*V*IDU) for these pieces of information received from the IC card dispenser 5 and transmits it therethrough to the IC card 6. The IC card 6 recognizes the validity of the management center 4 through verification of the master digital signature SA(Y*X*V*IDU) by the master public key nA and records the entire information received from the IC card dispenser 5 in the usage information area 6M2 in the memory 64.

Incidentally, the IC card dispenser 5 may be of a configuration wherein it does not perform the verification processing but only reads and writes data into the IC card 6. In such an instance, the IC card dispenser 5 functions only as a relay for the respective information, and the verification of digital signatures and the generation of the random number are performed by the management center 4.

Fig. 8 shows procedures for setting a secret key which is used not only to encrypt the contents of communication at the transmitting side but also to decrypt them at the receiving side so as to prevent the information from being stolen or falsified on the communication path between the management center 4, the IC card terminal 2, the IC card 6 and the IC card dispenser 5 which are each located at a place remote from the others and transmit information thereto using a communication procedure.

The management center 4 has an encrypting function E for cipher communication, a temporary common key Ktemp and a common key KO for encryption use, and a key creating master key KA for deriving encrypting keys KT and KU for cipher communication from specific information such as terminal and card identification numbers IDT and IDU. In this case, it is possible to use, as the encrypting function E, an algorithm FEAL disclosed in "Fast data encipherment algorithm FEAL," IECEJ Technical Report IT 86-33 (1986), for instance. The encipherment of the document M by the key K will be indicated by EK{M}.

The IC card terminal 2 has the temporary common key Ktemp recorded in its memory when it was manufactured, and when it is installed, it receives the encrypting terminal key KT and the common key KO by a cipher communication using the temporary common key Ktemp and records these keys KO and KT in the memory. Thereafter, the transmission and reception of signals between the management center 4 and the IC card terminal 2, described previously in conjunction with Fig. 4A, are carried out by cipher communication using the key KT inherent to the terminal 2.

The IC card 6 has the temporary common key Ktemp recorded in its memory when it was fabricated, and when it is issued, it receives the encrypting key KU and the common key KO via the IC card dispenser 5 and records these keys KU and KO in the memory. The encrypting key KU is generated from the card identification number IDU under the master key KA.

The key KU may be delivered from the management center 4 to the IC card dispenser 5 together with the pieces of data nA, IDU, ... when they are delivered as described previously with respect to Fig. 5B. After this, the transmission and reception of signals between the IC card 6 and the IC card dispenser 5 described previously in respect of Figs. 4B and 4C are performed by cipher communication using the key KU inherent to the card 6.

On the other hand, the transmission and reception of signals between the IC card terminal 2 and the IC card 6 shown in Figs. 5 and 6 are carried out by cipher communication using the common key KO.

In the case where the IC card dispenser 5 and the management center 4 are connected online as described previously with reference to Fig. 7, the transmission of the card identification number IDU from the IC card 6 to the management center 4 enables the latter to derive the key KU from the card identification number IDU by use of the master secret key KA; therefore, it is possible to provide increased security by using the encrypting key KU inherent to the card, in place of the common key KO, for writing the prepaid amount into the card or recharging it.

While the foregoing description has been given on the assumption that the IC card dispenser 5 and the management center 4 are located at different places, they may be formed as a unitary structure with each other, and it is also possible to enclose the IC card dispenser 5 and the IC card terminal 2 in the same housing. Moreover, in the cases of transmitting the terminal secret keys pT and qT from the management center 4 to the IC card terminal 2 and transmitting the card secret keys pU and qU from the IC card dispenser 5 to the IC card 6, security can be further increased by transmitting the keys together with the master digital signature of the management center 4 and by verifying the signature at the receiving side.

According to the embodiments of Figs. 5 and 6, since the IC card 6 and the IC card terminal 2 each transmit the identification number and the public key to the other together with the master digital signature of the management center 4, even if the contents of communication are falsified by, for example, forcing the IC card terminal 2 open, the falsification can be detected by verifying the master digital signature of the management center 4 at the receiving side. Furthermore, even if the contents of the IC card 6 could be copied to another IC card by a stolen IC card terminal, for instance, the falsification of the master digital signature of the management center 4 is so difficult that there is no choice but to copy it intact; therefore, the copy could be checked by acquiring data of the IC card used.

Besides, it is impossible to issue an IC card equivalent to a normal or valid one by altering a stolen IC card terminal or through use of a personal computer and an IC card reader unless the master secret key for generating the master digital signature of the management center, placed under strict supervision, is known. In addition, since the validity of the IC card and the IC card terminal is verified by the identification number appended with the master digital signature of the management center 4 as referred to above, the IC card terminal 2 does not need to inquire of the management center 4 about the validity of the IC card 6 prior to or during the service being rendered.

Turning next to Fig. 9, a description will be given of an embodiment of the invention improved from the Fig. 6 embodiment applied to the prepaid card system. As in the Fig. 6 embodiment, the IC card system, each IC card terminal and the IC card are basically identical in configuration with those shown in Figs. 1, 2 and 3, except that the IC card terminals 2a, 2b, ... each have a list of invalid IC card identification numbers IDU1, IDU2, ... prestored in a memory area 2M2 of its internal RAM as described later on. The invalid identification number list is written into the memory area 2M2 by a download from the management center 4, for instance, when the IC card terminal 2 is installed, and thereafter the list is updated by the management center 4 as required.

Fig. 9 shows processing for the card user to receive his desired service at the IC card terminal 2b different from that 2a used previously. The pieces of information or data prestored in the card information area 6M1 of the EEPROM 64 of the IC card 6 and in the terminal information area 2M1 of the RAM in the telephone controller 14 of the IC card terminal 2b are the same as in the case of the Fig. 6 embodiment. In this case, however, symbols representing pieces of information or data inherent to the respective IC card terminals 2a and 2b will be identified by superscripts "a" and "b", respectively. In the usage information area 6M2 of the memory 64 of the IC card 6 there is retained the previous usage information, which includes the remaining value V, the terminal identification number IDT^a, the terminal public key nT^a, the random numbers R^a and X, the master digital signature SA(nT^a*IDT^a) and the terminal digital signature ST^a(R^a*X*V*IDU) received from the IC card terminal 2a used previously as described in connection with Fig. 6. The IC card terminal 2b has the aforementioned list of invalid card identification numbers IDU1, IDU2, ... in another area 2M2 of the memory.

When inserted into the IC card terminal 2b different from that used previously, the IC card 6 sends thereto the card identification number IDU, the card public key nU and the master digital signature SA(nU*IDU). The IC card terminal 2b matches the received card identification number IDU with the list of the invalid card identification numbers prestored in the memory area 2M2 and, when no match is detected, the IC card terminal 2b verifies the master digital signature SA(nU*IDU). If this signature is valid, the IC card terminal 2b generates a random number R^b and sends it to the IC card 6 together with a terminal public key nT^b, a terminal identification number IDT^b and a master digital signature SA(nT^b*IDT^b).

The IC card 6 verifies the master digital signature SA(nT^b*IDT^b) and, if it is valid, generates a random number X' and a card digital signature SU(R^b*X'*V) for the random numbers R^b and X' and the remaining value V and sends them to the IC card terminal 2b together with the pieces of the previous card usage information or data R^a, X, IDT^a, nT^a, ST^a(R^a*X*V*IDU) and SA(nT^a*IDT^a).

The IC card terminal 2b verifies the card digital signature SU(R^b*X'*V), and the terminal digital signature ST^a(R^a*X*V*IDU) and the master digital signature SA(nT^a*IDT^a) of the previous card usage information all received from the IC card 6. When all the digital signatures are valid, the IC card terminal 2b displays the remaining value V and a guidance or prompt on the display 13. The user specifies his desired service by pressing function buttons 12 and receives the service. Upon completion of the service, the IC card terminal 2b creates a new remaining value V' and a terminal digital signature ST^b(R^b*X'*V'*IDU) and sends them to the IC card 6.

The IC card 6 verifies the terminal digital signature received from the IC card terminal 2b and, if it is valid, then updates the usage information area 6M2 with all the pieces of information received from the IC card terminal 2b and sends thereto an authentication signal OK. On the other hand, the IC card terminal 2b then generates usage management information h from the card identification number IDU, the random numbers R^a and X, the terminal identification number IDT^a and the remainder value V received from the IC card 6 and temporarily records them in another area 2M3 of the RAM in the telephone controller 14, together with the card identification number IDU. In this case, the usage management information h may be a numerical sequence composed of, for instance, IDU, R^a, X, IDT^a and V, or its data-compressed version by a hash function.

The card identification number and the data of usage information stored in the IC card terminal 2b are sent to the management center 4 at proper time intervals, for example, every day. In the database 4D in the management center 4 there are registered card identification numbers (IDU0, IDU1, IDU2, ...) and IC card usage management information (h01, h02, h03 for IDU0, for example) received so far. Upon newly receiving a card identification number and usage management information, the management center 4 first retrieves the card identification number. When the same card identification number is not found, the card identification number and the accompanying usage management information received from the IC card terminal 2b are newly registered. When the same card identification number is found, the usage management information of the card identification number already registered and the usage management information newly received are compared and checked to see if they are the same. If not, the latter is additionally registered as new usage management information. If the same usage management information is found, then the card identification number is registered in the invalid card list 4L (as IDU100).

When having registered the card identification number in the invalid card list 4L, the management center 4 calls all of the IC card terminals 2 and transmits the registered card identification number to the IC card terminals 2, wherein it is additionally registered in the invalid card identification number list of the memory area 2M2. Hence, when the IC card of that card identification number is used, it can be decided to be abnormal by checking its card identification number and its use can be inhibited. By constructing the management center 4 so that upon registration of the card identification number in the invalid card list 4L, all pieces of data of that card identification number in the database 4D are erased, the data retrieval time can be reduced. Moreover, by constructing the IC card terminal 2 so that it stores new remaining value information as well as the card identification number and the usage/management information and transmits the new remaining value information to the management center 4 together with the usage/management information and by providing a database of remaining value information corresponding to each card identification, the remaining value information can be used to specify the remaining value, for example, when the data of the IC card 6 is destroyed.
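An added sketch of the Fig. 9 bookkeeping, not code from the patent: each use reports h computed from the card's previous usage information, so two cards carrying identical contents report the same h and the management center lists that IDU as invalid. SHA-256 as the compressing hash, the dict used as a card record and all names are assumptions; the signature checks are taken as already passed.

```python
import copy
import hashlib
import secrets


def usage_info(idu, r_a, x, idt_a, v):
    """h: hash-compressed sequence IDU, R^a, X, IDT^a, V (card state before this use)."""
    data = "*".join(str(f) for f in (idu, r_a, x, idt_a, v)).encode()
    return hashlib.sha256(data).hexdigest()


class ManagementCenter:
    def __init__(self):
        self.db = {}          # database 4D: IDU -> set of h values received so far
        self.invalid = set()  # invalid card list 4L

    def report(self, idu, h):
        if idu in self.invalid:
            return "already invalid"
        seen = self.db.setdefault(idu, set())
        if h in seen:                 # the same previous state was reported twice
            self.invalid.add(idu)
            del self.db[idu]          # erase the card's records, as the text suggests
            return "invalidated"
        seen.add(h)
        return "registered"

    def push_list(self, terminals):
        """Download of the invalid card list to every terminal."""
        for t in terminals:
            t.invalid |= self.invalid


class Terminal:
    def __init__(self, idt):
        self.idt = idt
        self.invalid = set()  # memory area 2M2
        self.pending = []     # memory area 2M3

    def use(self, card, charge):
        """Only the bookkeeping is modelled; signatures are assumed verified."""
        if card["idu"] in self.invalid:
            return "refused"
        h = usage_info(card["idu"], card["r"], card["x"], card["idt"], card["v"])
        # New usage information: fresh R and X, this terminal's ID, new value.
        card.update(r=secrets.randbits(64), x=secrets.randbits(64),
                    idt=self.idt, v=card["v"] - charge)
        self.pending.append((card["idu"], h))
        return "served"

    def upload(self, center):
        """Periodic transfer of (IDU, h) pairs to the management center."""
        results = [center.report(idu, h) for idu, h in self.pending]
        self.pending.clear()
        return results


def demo():
    center, t_a, t_b = ManagementCenter(), Terminal("2a"), Terminal("2b")
    # Constructed card record with initial values in the usage information area.
    card = dict(idu=7, v=1000, r=0, x=0, idt="dispenser")
    t_a.use(card, 100)
    duplicate = copy.deepcopy(card)     # a second card carrying identical contents
    t_b.use(card, 50)
    t_a.use(duplicate, 50)
    reports = t_a.upload(center) + t_b.upload(center)
    center.push_list([t_a, t_b])
    return reports, t_b.use(card, 10), t_a.use(duplicate, 10)


if __name__ == "__main__":
    print(demo())
```

A single genuine card never repeats an h, because every use overwrites R, X and the terminal ID that feed the next report.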

As will be seen from comparison of Figs. 4C and 7 with Figs. 5, 6 and 9, although in the above the IC card 6 does not initially have, for example, the digital signature ST(R*X*V*IDU) and the terminal public key nT of the IC card terminal 2 in the usage information area 6M2 of the EEPROM 64, it is a matter of course that if initial values corresponding to them are recorded in the initial state as well, the usage/management information can be generated from the beginning of the use of the IC card and the whole usage/management information can be held under the control of the management center 4.

While in the above the IC card 6 and the IC card terminal 2 are configured so that they have, in their card information area 6M1 and terminal information area 2M1, the secret keys pU, qU and pT, qT for generating digital signatures and the public keys nU and nT for them, respectively, and transmit desired pieces of information together with the digital signatures, it is also possible to omit such a function to simplify the processing of the IC card system.

Also it is possible to omit either one of the random numbers R and X, although security decreases. Conversely, by prestoring algorithms for encipherment of information to be transmitted and a common key for encipherment and decipherment in memories of the IC card 6 and the IC card terminal 2, the mutual communication between them can be made by cipher communication to provide further increased security.

As described above, according to the Fig. 9 embodiment, since particular card information numbers are registered in the card identification number list of the IC card terminal 2, it is possible to inhibit the use of IC cards of the registered card identification numbers. Furthermore, when the IC card 6 is used, at least the terminal identification number identifying the IC terminal used and the random number generated by at least one of the IC card 6 and the IC card terminal 2 are registered as previous information in the IC card 6 and when the IC card 6 is used next, at least the card identification number and usage/management information derived from the card identification number, the remaining value before updating and the previous information are registered and supervised in the management center as information for specifying the initial state of the IC card 6 only in the case of updating the remaining value information. When the card identification number and the usage/management information of the currently used IC card 6 match those already registered, the card identification number is registered as abnormal in the card identification number list of the IC card terminal 2, by which it is possible to inhibit further use of the IC card 6 of the same card identification number as that registered.

Referring next to Fig. 10, another embodiment of the present invention will be described as being applied to a prepaid card system.

Fig. 10 shows procedures for the payment of charges by the IC card 6 in an improved version of the Fig. 5 embodiment. As in the Fig. 5 embodiment, the IC card system, the IC card terminal 2 and the IC card 6 are basically identical in configuration with those depicted in Figs. 1, 2 and 3. In this instance, however, the IC card terminal 2 has in the ROM of the telephone controller a program which executes an algorithm for updating a time stamp as described later on. For example, the afore-noted FEAL can be used as the algorithm for updating the time stamp.

The initial value TS_0 of the time stamp TS_t may be recorded in a memory area 2M4 of the RAM in the telephone controller 14 after being received from the management center 4 via the communication network 3 when the IC card terminal 2 is installed; alternatively, it may also be preset in the memory area 2M2 of the RAM in the telephone controller 14 when the IC card terminal 2 is fabricated. Update information t is initialized to a "0", for instance, and it is incremented by 1 upon each updating of the time stamp TS_t. In the RAM of the telephone controller 14 there is provided a terminal list area 2M5 for registering a list of terminal identification numbers IDT of stolen or similarly troubled IC card terminals, initial values TS_0 of the time stamp corresponding to them and the update information t at the time when each trouble was found.

In the configuration of Figs. 1 through 3, the terminal identification number IDT, the initial value TS_0 of the time stamp and the update information t set in each IC card terminal 2 are registered in the management center 4. The time stamp TS_t set in the respective IC card terminal 2 is independently updated by its internal timer from the initial value TS_0, for example, every day under a predetermined algorithm; namely, the time stamp is replaced with a new time stamp in a sequential order [TS_0 -> TS_1 -> TS_2 -> ... -> TS_t -> ...] and thus the previous time stamps disappear one after another. The updating of the time stamp need not always be periodic but may also be aperiodic. Upon each updating of the time stamp, the number of updates (i.e. the update information or data) t is updated to t + 1. Each time stamp TS_t and the update information t need only correspond to each other, that is, the time stamp may be a mere symbol and need not be a quantity.

Upon updating the update information t, the IC card terminal 2 automatically calls the management center 4 and transmits thereto the terminal identification number and the renewed update information. The management center 4 substitutes the received update information t for the preregistered update information t of the corresponding terminal identification number IDT. Incidentally, it is necessary to utilize, for updating the time stamp TS_t, an algorithm which generates the succeeding time stamp TS_(t+1) from the current time stamp TS_t under an encryption algorithm E using an encrypting key K, as exemplified in Fig. 11, to thereby prevent the previous time stamp from being generated. The afore-noted algorithm FEAL, for instance, can be used as such an algorithm. The initial value TS_0 of the time stamp registered in the management center 4 is not updated. In such a state, when the IC card terminal 2 is stolen, the management center 4 is capable of detecting, from the terminal identification number IDT of the stolen IC card terminal 2, the initial value TS_0 of the time stamp of the stolen IC card terminal 2 and the update information t of the time stamp at the time when the IC card terminal 2 was stolen. These pieces of information or data are registered in the terminal list of all IC card terminals 2 by a download from the management center 4.

Fig. 10 is explanatory of the processing for the user to receive his desired service at the IC card terminal 2b through use of the IC card 6. In the Fig. 10 embodiment, however, the IC card 6 side has no digital signature generating function. In the card information area 6M1 of the EEPROM 64 of the IC card 6 there are stored the master public key nA, the card identification number IDU and the master digital signature SA(IDU) and in the usage information area 6M2 there are stored the remaining value V, the terminal identification number IDT^a, the terminal public key nT^a, the update information t^a, the terminal digital signature ST^a(TS^a_t) for the time stamp TS^a_t, and the master digital signature SA(nT^a*IDT^a) which are the card usage information received from the IC card terminal 2a previously used. In this example the master digital signature SA(IDU) held in the IC card 6 is shown to be a master digital signature for only the identification number of the IC card, but it is also possible to use a master digital signature SA(IDU*mU) for the concatenation of the identification number IDU and predetermined information mU.

In the terminal information area 2M1 of the RAM in the telephone controller 14 of the IC card terminal 2b there are stored the terminal identification number IDT^b, the terminal secret keys pT and qT for creating the digital signature, the terminal public key nT^b, the master public key nA and the master digital signature SA(IDT^b*nT^b) and in another predetermined area 2M4 there are recorded the latest time stamp TS^b_t and the update information t^b of the IC terminal 2b. In still another area 2M5 of the RAM in the IC card terminal 2b there are recorded, as a table, terminal identification numbers IDT^i, IDT^j, ... of stolen or similarly troubled IC card terminals, their time stamps TS^i_0, TS^j_0, ... and update information t^i, t^j, ... at the points when they were found, which are provided from the management center 4.

When inserted into the IC card reader/writer 11 of the IC card terminal 2b, the IC card 6 sends thereto the identification number IDU and the master digital signature SA(IDU) as in the embodiments described above. The IC card terminal 2b verifies the received master digital signature SA(IDU) by the master public key nA and, if it is valid, then sends the identification number IDT^b, the terminal public key nT^b and the master digital signature SA(IDT^b*nT^b) of the IC card terminal 2b itself to the IC card 6. Then the IC card 6 verifies the validity of the received master digital signature SA(IDT^b*nT^b) by the master public key nA. The process performed so far is the same as in the embodiment of Fig. 5.

When the master digital signature SA(IDT^b*nT^b) is valid, the IC card 6 sends pieces of the previous card usage information V, IDT^a, t^a, nT^a, ST^a(TS^a_t) and SA(nT^a*IDT^a) to the IC card terminal 2b. The IC card terminal 2b matches the received terminal identification number IDT^a with each piece of the data IDT^i, IDT^j, ... in the troubled terminal list and, when they do not match, displays the remaining value V and a guidance or prompt on the display 13. When the user specifies his desired service by pressing the function buttons 12 while referring to the guidance displayed on the display 13, the IC card terminal 2b reads out the charge v for the specified service from a list prestored in a memory of the telephone controller 14 or receives the charge v from the service center (not shown) via the communication network 3. Then the IC card terminal 2b compares the charge v and the remaining value V and starts to provide the specified service when the remaining value V is larger than the service charge v. Upon completion of the service, the IC card terminal 2b subtracts the service charge v from the remaining value V to obtain a new remainder value V' and generates a digital signature ST^b(TS^b_t) for the current time stamp TS^b_t by the terminal secret or private keys pT^b and qT^b and sends it to the IC card 6 together with the pieces of data V' and t^b. The IC card 6 updates the usage information area 6M2 in the EEPROM 64 with all the pieces of information received from the IC card terminal 2b together with the remaining value V'.

In the above processing, when the terminal identification number IDT^a sent to the IC card terminal 2b matches with any one of those in the troubled terminal list, the following processing is performed.

(1) Let IDT* represent the terminal identification 
number in tiie list that matched the terminal 
identification number IDT^ sent to the IC card 

50 terminal 2b. The initial value TS\) of the time 
stamp corresponding to the terminal identifica- 
tion number IDT" is recurrsively calculated by 
the number of updating of the update informa- 
tion t® received fi-om the IC card 6 under the 

55 algorithm of Rg. 11 registered as a program of 
the IC card terminal 2b, and the time stamp TS^t 
corresponding to the update information t® is 
obtained as follows: 

12 
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(2) The IC card terminal 2b verifies the validity 
of the signature S"P(TS^) by the time stamp 
TS*! obtained by the above calculation and the 
public key nT^ received from the IC card 6. 

(3) When the digital signature is not valid, the IC 
card terminal 2b decides that the !C card 6 is 
abnormal or invalid and stops further process- 
ing, then ejecting or returning the IC card 6 to 
the user. 

(4) When the digital signature is valid, the IC card terminal
2b compares update information t^j corresponding to the
above-noted terminal identification number IDT^j in the
troubled terminal list and the update information t^a
received from the IC card 6.

(5) When t^a ≤ t^j, the update information t^a is judged as
update information generated before the pieces of data IDT^j,
TS^j_0 and t^j were registered in the terminal list; that is,
the IC card 6 is judged to be an IC card whose card usage
information (terminal identification number IDT^a, update
information t^a, public key nT^a and digitally-signed time
stamp ST^a(TS^a_t)) in the usage information area 6M2 had
been updated by a stolen IC card terminal 2j (not shown) of
the identification number IDT^j before it was stolen. As the
result of this, the IC card terminal 2b regards the IC card 6
as valid and performs the subsequent processing accordingly.

(6) When t^a > t^j, the update information t^a is judged as
update information generated after the pieces of data IDT^j,
TS^j_0 and t^j were registered in the troubled terminal list;
that is, the IC card 6 is judged to be an IC card whose card
usage information was updated by the IC card terminal 2j of
the identification number IDT^j after it had been stolen. As
the result of this, the IC card terminal 2b regards the IC
card 6 as invalid and discontinues the process and ejects or
detains the IC card in the IC card terminal 2b.
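Steps (1) to (6) can be traced with the following added example, which is not code from the patent; it shows that the signed time stamp binds the update information, so a record whose t was altered fails step (3) before the comparison in steps (5) and (6) is reached. SHA-256 stands in for the Fig. 11 update algorithm, a toy RSA key stands in for the terminal keys pT, qT and nT, and the names check_usage, terminal_writes_usage, TROUBLED and MAX_UPDATES are assumptions.

```python
import hashlib

E = 65537
# Constructed toy RSA key standing in for the listed terminal's keys
# (pT, qT secret, nT public). Fixed Mersenne primes: no real security.
P_T, Q_T = 2**127 - 1, 2**89 - 1
N_T = P_T * Q_T
D_T = pow(E, -1, (P_T - 1) * (Q_T - 1))
MAX_UPDATES = 100_000  # assumed bound so a card cannot force a huge loop


def _digest(ts: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(ts).digest(), "big") % n


def sign_ts(ts: bytes) -> int:
    """ST(TS_t): signature a terminal writes to the card after a service."""
    return pow(_digest(ts, N_T), D_T, N_T)


def verify_ts(sig: int, ts: bytes, n_t: int) -> bool:
    return pow(sig, E, n_t) == _digest(ts, n_t)


def time_stamp(ts0: bytes, t: int) -> bytes:
    """TS_t from TS_0 by t recursive updates (SHA-256 is an assumed
    stand-in for the update algorithm the page refers to as Fig. 11)."""
    ts = ts0
    for _ in range(t):
        ts = hashlib.sha256(ts).digest()
    return ts


def terminal_writes_usage(idt: str, ts0: bytes, t: int) -> dict:
    """Card usage information as left on the card by terminal `idt`."""
    return {"IDT": idt, "t": t, "nT": N_T, "sig": sign_ts(time_stamp(ts0, t))}


def check_usage(usage: dict, troubled_list: dict) -> str:
    """Processing at terminal 2b when the card's previous terminal is listed."""
    entry = troubled_list.get(usage["IDT"])
    if entry is None:
        return "not listed"
    t_a = usage["t"]
    if not isinstance(t_a, int) or not 0 <= t_a <= MAX_UPDATES:
        return "reject: malformed update information"
    ts = time_stamp(entry["TS0"], t_a)                  # step (1)
    # nT arrives from the card; in the Fig. 12 embodiment it is accompanied
    # by the master signature SA(nT*IDT), which is not modelled here.
    if not verify_ts(usage["sig"], ts, usage["nT"]):     # steps (2), (3)
        return "reject: invalid signature"
    if t_a <= entry["t"]:                                # steps (4), (5)
        return "accept: updated before registration"
    return "reject: updated after registration"         # step (6)


# Constructed sample data: terminal "T-2j" was registered at t = 5.
TS0_J = b"constructed-initial-time-stamp"
TROUBLED = {"T-2j": {"TS0": TS0_J, "t": 5}}
```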

Fig. 12 illustrates another embodiment of the invention which
provides further increased security through use of random
numbers in the Fig. 10 embodiment as in Fig. 6. In a ROM 61
of the IC card 6 there are recorded an algorithm for
generating the digital signature and an algorithm for
generating the random numbers. In the card information area
6M1 in the EEPROM 64 of the IC card 6 there are stored the
information in the card information area 6M1 in Fig. 10,
together with the card secret keys pU and qU and the public
key nU for the verification of the digital signature. In this
case, however, the master digital signature used is
SA(IDU*nU). In the usage information area 6M2 in the EEPROM
64 there are held all pieces of card usage information
received from the previously used IC card terminal 2a, that
is, the terminal identification number IDT^a, the public key
nT^a, the master digital signature SA(nT^a*IDT^a) for them,
the update information t^a, the random number R^a, the
previously generated random number X, a first digital
signature ST^a(R^a*X*V*IDU) = S^a generated by the previously
used IC card terminal 2a for the random numbers R^a and X,
the remaining value V and the card identification number IDU,
and a second digital signature ST^a(TS^a_t*S^a) generated by
the previously used IC card terminal 2a for the first digital
signature and the time stamp TS^a_t.

When inserted into the IC card reader/writer 11 of the IC
card terminal 2b, the IC card 6 sends thereto the card
identification number IDU, the public key nU and the master
digital signature SA(IDU*nU) as in the case of Fig. 10, and
the IC card terminal 2b verifies the master digital signature
SA(IDU*nU) by the public key nU. When the master digital
signature is valid, the IC card terminal 2b sends the
terminal identification number IDT^b, the public key nT^b and
the master digital signature SA(IDT^b*nT^b) to the IC card 6.
The IC card 6, in turn, verifies the master digital signature
SA(IDT^b*nT^b) and, if valid, sends to the IC card terminal
2b the pieces of data R^a, X, V, IDU, IDT^a, t^a,
SA(nT^a*IDT^a), nT^a and ST^a(TS^a_t*S^a) which are the
previous card usage information.

Then the IC card terminal 2b verifies the validity of the
first digital signature S^a by the public key nT^a. When the
signature S^a is valid, the IC card terminal 2b matches the
received terminal identification number IDT^a with data in
the troubled terminal list, and if the former does not match
the latter, the IC card terminal 2b generates the random
number R^b and sends it to the IC card 6. In response to
this, the IC card 6 generates the random number X^b and
generates a digital signature SU(R^b*X^b*V) for the random
numbers R^b and X^b and the remaining value V by use of the
secret keys pU and qU, then sends it to the IC card terminal
2b together with the random number X^b and the card public
key nU. The IC card terminal 2b, in turn, checks the validity
of the received digital signature SU(R^b*X^b*V) by the public
key nU also received from the IC card 6. When the digital
signature is valid, the IC card terminal 2b displays the
remaining value V on the display 13 and then provides a
predetermined service. After completion of the service the IC
card terminal 2b obtains the new remaining value V and
generates a first digital signature ST^b(R^b*X^b*V*IDU) = S^b
for the random numbers R^b and X^b, the remaining value V and
the card identification number IDU by use of the terminal
secret keys pT^b and qT^b and, at the same time, generates a
second digital signature ST^b(TS^b_t*S^b) for the time stamp
TS^b_t and the first digital signature S^b, thereafter
sending them to the IC card 6 together with the new remaining
value V and the update information t^b. The IC card 6 checks
the validity of the received first digital signature by the
terminal public key nT^b also received from the IC terminal
2b and, if it is valid, then updates the usage information
area 6M2 with the whole information received from the IC
terminal 2b. In the event that the validity of the digital
signature cannot be verified in the above, the IC card
terminal 2b stops processing at that point and ejects or
returns the IC card 6.

In the case where the data IDT^j that matches the data IDT^a
sent to the IC card terminal 2b is found in the troubled
terminal list, the same process as described previously is
performed. In this embodiment, since the random numbers R and
X, generated by the IC card terminal 2 and the IC card 6, are
utilized in the transmission and reception of information
between them, the contents of signals will never be the same;
hence it is possible to prevent an abuse using an intercepted
signal. Moreover, since the IC card 6 and the IC card
terminal 2 not only conduct mutual verification of the master
digital signature but also generate their own digital
signatures and mutually verify them, the system security can
be further increased.

Also in the embodiment of Fig. 12, by prestoring algorithms
for encryption and decryption of transmission data and common
encrypting and decrypting keys in the memories of the IC card
6 and the IC card terminal 2, the communication between them
can be made by a cipher communication; this also provides
further increased security.

As described above, according to the embodiment of Figs. 10
and 12, when the IC card 6 is used, the terminal
identification number of the IC card terminal 2 used, the
public key for verifying the digital signature generated by
the IC card terminal 2, the digital signature produced by the
IC card terminal 2 for the time stamp at the time of the use
of the IC card 6 and update information of the time stamp are
recorded as card usage information in a predetermined memory
area in the IC card 6. When the IC card 6 is used next at a
different IC card terminal 2, the IC card 6 sends thereto the
card usage information recorded in the above-said memory, and
the IC card terminal 2 specifies the previously used IC card
terminal on the basis of the terminal identification number
in the card usage information sent from the IC card 6. The IC
card terminal 2 matches the specified terminal number with
those registered in the terminal list in the IC card terminal
2, and if the specified terminal number matches any one of
the registered ones, then the IC card terminal 2 will read
out of the terminal list the initial value of the time stamp
corresponding to the registered terminal number and the
update information also corresponding thereto.



The IC card terminal 2 updates the initial value of the time
stamp by a predetermined algorithm on the basis of the update
information received from the IC card 6 to obtain the time
stamp of the IC card terminal at the time when it was used
previously. The IC card terminal 2 verifies the validity of
the digital signature for that time stamp by the time stamp
itself and the public key received from the IC card 6 to
ensure that the update information received from the IC card
6 is valid. When the update information is valid, the IC card
terminal 2 matches it with the pieces of update information
recorded in the afore-said terminal list to make a check to
see if the time of the previous use of the IC card at the IC
card terminal 2, registered in the above-mentioned terminal
list of the IC card 6, goes before or comes after the time
when the terminal number was registered in the terminal list.
If the IC card terminal 2 fails to verify the validity of the
digital signature, it judges that the update information or
digital signature received from the IC card 6 is not normal
or valid information and processes the IC card as an abnormal
or invalid card. Furthermore, if the terminal identification
number of the IC card terminal 2 is specified in the
management center 4, the initial value of the time stamp of
the IC card terminal of the specified terminal identification
number and the update information at that time point can be
known and these pieces of information can be registered in
the terminal list of the IC card terminal 2.

Next, a description will be given of an embodiment wherein
the IC card of the present invention is applied to a credit
card. In this embodiment the IC credit card system to which
the IC card and the IC card terminal of the present invention
are applied has the same configuration as shown in Fig. 1.
The IC card terminals 2a, 2b, ... perform the verification
processing by use of the IC card 6 and provide various
services. The management center 4 holds the charges for the
services used by the IC card 6. Each IC card terminal 2
stores in its memory the identification numbers of the IC
cards used at that terminal and the charges for the services
rendered and automatically calls the management center 4 at
regular time intervals, for example, every day and transmits
the stored information to the management center 4 via the
communication network 3. The management center 4 sums up the
charges for each card identification number and demands
payment of each user every month, for instance. The internal
constructions of each IC card terminal 2 and the IC card 6
are the same as shown in Figs. 2 and 3.

Fig. 13 is a diagram for explaining the procedure for the
user to register a password in the IC card 6 by use of the IC
card terminal 2. In the card information area 6M1 of the
EEPROM 64 of the IC card there are written, at the time of
issuing the IC card 6 from the IC card dispenser 5, the
identification number IDU for specifying the user, a password
setting number Ns assigned to each user, a master digital
signature SA(Ns) generated by the management center 4 for the
password setting number Ns by use of a master key, and master
digital signature SA(IDU*SA(Ns)) generated by the management
center 4 for the identification number IDU and the master
digital signature SA(Ns) by use of the master key. When these
pieces of data are written, the validity of the password
setting number Ns can be checked through verification of the
master digital signature SA(Ns) by the public key nA.

In the terminal information area 2M1 of the RAM in the
telephone controller 14 of the IC card terminal 2 there are
prestored the master public key nA for verifying the master
digital signatures created by use of the master key, the
terminal secret keys pT and qT for generating the digital
signature by the IC card terminal 2 and the terminal public
key nT for verifying the digital signature created by the IC
card terminal 2.

When inserted into the IC card reader/writer 11 of the IC
card terminal 2, the IC card 6 sends thereto the
identification number IDU, the master digital signature
SA(Ns) and the digital signature SA(IDU*SA(Ns)). The IC card
terminal 2 verifies, in turn, the digital signature
SA(IDU*SA(Ns)) by the master public key nA to ensure the
validity of the identification number IDU. If the
identification number IDU is judged to be invalid, then the
IC card 6 is ejected or returned and the process is
discontinued. When the identification number IDU is judged to
be valid, a prompt for the "input of password" is displayed
on the display 13. During the display of this prompt the
input of a password is enabled and the selection of the
password registration by pressing a particular one of the
function buttons 14 is made effective.

Upon selective pressing of the password registration command
button among the function buttons 14, the IC card terminal 2
proceeds to the password registration process. The IC card
terminal 2 sends a notice of the password registration to the
IC card 6 to indicate thereto the start of the password
registration process, while at the same time the IC card
terminal 2 provides a display "ENTER IDENTIFICATION NUMBER"
on the display 13 to urge the user to enter the
identification number. Upon entering of the identification
number IDU' by the user with pushbuttons, the IC card
terminal 2 matches it with the identification number IDU
previously received from the IC card 6 to check the validity
of the identification number IDU' input by the user. When the
two identification numbers do not match, the IC card terminal
again urges the user to input the identification number. If
the identification number IDU' does not match the previous
one IDU even after being entered three times, for instance,
the IC card terminal 2 judges that the IC card 6,
discontinuing the process. When the identification numbers
match, the IC card terminal 2 produces a display "ENTER
PASSWORD SETTING NUMBER" on the display 13, prompting the
user to enter the setting number.

Upon entering the setting number Ns' by the user with
pushbuttons, the IC card terminal 2 sends the setting number
Ns' to the IC card 6. The IC card 6 matches the currently
received setting number Ns' with the setting number Ns
prestored in the afore-mentioned memory to check the validity
of the setting number Ns' entered by the user. When they do
not match, the IC card 6 sends a mismatch notice to the IC
card terminal 2, which again urges the user to enter the
setting number. In the event that the current setting number
does not match the previous one even after being entered
three times, for example, the IC card terminal 2 judges that
the IC card 6 being used is abused and ejects it and
discontinues the process. When the setting numbers match, the
IC card 6 sends an authentication signal OK (a first
authentication notice) to the IC card terminal 2. The IC card
terminal 2 provides a display "ENTER PASSWORD" on the display
13, prompting the user to enter the password. Upon entering
of the password Nc by the user with pushbuttons, the IC card
terminal 2 creates a digital signature ST(Nc) for the
password Nc by use of the terminal secret keys pT and qT and
sends the digital signature ST(Nc) and the terminal public
key nT to the IC card 6 together with the password Nc. The IC
card 6 verifies the digital signature ST(Nc) by the terminal
public key nT to check the validity of the password Nc. When
the password Nc is valid, it is recorded in the RAM 62. The
IC card 6 becomes enabled for use only after the password Nc
is thus registered therein.

While in the above the setting number Ns' is verified on the
IC card 6, it can also be checked at the IC card terminal 2
if the setting number Ns is also sent to the IC card terminal
2 together with the card identification number IDU at the
beginning. However, this procedure is not preferable from the
viewpoint of security, because the setting number Ns,
information that must be kept strictly secret, is transmitted
from the IC card 6. Besides, in the case where the
identification number or setting number, entered by
pushbuttons, does not match the previous one even after being
entered three times, the IC card 6 could be disabled for
further use by writing thereinto to the effect that the IC
card 6 is invalid or abused.

Fig. 14 is a diagram for explaining the process in which the
user receives a service at the IC card terminal 2 through use
of the IC card 6 which is a credit card. In the RAM 62 of the
IC card 6 there is recorded the password Nc in the manner
described above. When inserted into the IC card reader/writer
12 of the IC card terminal 2, the IC card 6 sends thereto the
identification number IDU and the master digital signatures
SA(Ns) and SA(IDU*SA(Ns)). The IC card terminal 2 verifies
the digital signature SA(IDU*SA(Ns)) by the master public key
nA to check the validity of the identification number IDU.
When the identification number IDU is not valid, the IC
terminal 2 ejects the IC card 6 and discontinues the process.
When the identification number is valid, the IC card terminal
2 provides a display "ENTER PASSWORD" on the display 13.
While this display is being provided, the entering of the
password is allowed or enabled and the re-registration of the
password by pressing the function buttons 14 is also
effective. In other words, if desired, the password can be
changed. At this time, when the user dials the password Nc',
it is sent to the IC card 6, wherein it is matched with the
prestored password Nc. When they do not match, the IC card 6
sends a mismatch notice to the IC card terminal 2, which
prompts the user to re-enter the password. In the event that
the password does not match the prestored one even after
being entered three times, for example, the IC card terminal
2 judges that the IC card 6 is invalid, then ejects it and
discontinues the processing.

When the password matches the prestored one, the IC card 6
sends an authentication signal OK (a second authentication
notice) to the IC card terminal 2, which, in turn, provides
on the display 13 an indication that the user's specified
service is possible, and then provides the service. For
instance, in the case of a communication service by
telephone, the IC card terminal 2 displays that the telephone
number of the other party to be called can be dialed, and
then connects the user to the party of the number dialed by
the user. Thus, the user is allowed to receive the
communication service and upon completion of the service the
IC card terminal 2 records, in the service information area
2M6 of its internal memory, the identification number IDU
identifying the user, the date of use D and the charge V and
then ejects the IC card 6, completing the process. The data
stored in the internal memory is transmitted to the
management center 4 once or twice daily, for example. The
management center 4 sums up the charges for each
identification number and submits bills to the users and
receives payments therefrom every month.

Fig. 15 is a diagram illustrating another embodiment of the
present invention which provides increased security of the
password registration process shown in Fig. 13. In the card
information area 6M1 in the EEPROM 64 of the IC card 6 there
are stored the card secret keys pU and qU for generating the
digital signature by the IC card 6 and the card public key nU
for verifying the digital signature created by the IC card 6
as well as the pieces of information or data IDU, Ns, SA(Ns)
and SA(IDU*SA(Ns)) shown in the corresponding area in Fig.
13. Furthermore, the IC card 6 and the IC card terminal 2
each have a random number generating program stored in its
memory. In the password registration process, when the user
enters the password Nc by pushbuttons after the verification
of the identification number IDU' and the setting number Ns'
by the above-described procedures, the IC card terminal 2
creates the random number R and sends it to the IC card 6.
The IC card 6, in turn, creates the random number X and then
generates a digital signature SU(R*X) for the random numbers
R and X by use of the card secret keys pU and qU, thereafter
sending the random number X and the card public key nU to the
IC card terminal 2 together with the digital signature
SU(R*X).

The IC card terminal 2 verifies the digital signature SU(R*X)
by the card public key nU to ensure that the IC card 6 is a
valid party. Then the IC card terminal 2 creates a digital
signature ST(R*X*Nc) for the random numbers R and X and the
password Nc by use of the terminal secret keys pT and qT and
transmits the terminal public key nT and the password Nc to
the IC card 6 together with the digital signature ST(R*X*Nc).
The IC card 6 verifies the digital signature ST(R*X*Nc) by
the terminal public key nT to ensure that the IC card
terminal 2 and the password Nc are valid, and records the
password Nc in the RAM 62. In this embodiment, since the
random numbers generated by the IC card terminal 2 and the IC
card 6 are used in the transmission and reception of data
between them, the signals used will never have the same
contents; this prevents an abuse of the system through
utilization of an intercepted signal. Moreover, the IC card
terminal 2 and the IC card 6 create digital signatures and
verify each other's, providing increased security.

Fig. 16 is a diagram showing another example of the process
for receiving a service at the IC card terminal 2 through use
of the IC card described previously with reference to Fig.
14. When the user enters the password Nc' by pushbuttons
after he inserted the IC card 6 into the IC card terminal 2
and the identification number IDU was verified by the
procedure as described previously in respect to Fig. 14, the
IC card terminal 2 generates the random number R and sends it
to the IC card 6 together with the password Nc'. The IC card
6 matches the received password Nc' with the password Nc
stored in the memory and, if they match each other, the IC
card terminal 2 generates the random number X and creates the
digital signature SU(R*X) for the random numbers R and X by
use of the card secret keys pU and qU, thereafter sending the
random number X and the card public key nU to the IC card
terminal 2 together with the digital signature SU(R*X).

The IC card terminal 2 verifies the digital signature SU(R*X)
by the card public key nU and judges that the IC card 6 and
the password are both valid, and then the IC card terminal 2
provides on the display 13 an indication that the service
specified by the user is possible and executes the service.
Upon completion of the service, the IC card terminal 2
records the identification number identifying the user, the
date of use D and the service charge V in the service
information area 2M6 in its internal memory and then ejects
the IC card 6, thus completing the process. As is the case
with the Fig. 14 embodiment, the data in the service
information area 2M6 is transmitted to the management center
4 periodically, or when the amount of data stored reaches a
fixed value, or when the IC card terminal 2 is polled by the
management center 4.

In the above, it is possible to deal with the loss of the IC
card 6 or similar trouble, by adopting a system configuration
in which the card identification number IDU for specifying
the IC card 6 and the master digital signature SA(IDU) the
master digital signature SA(IDU) and the IC card terminal 2
verifies the master digital signature SA(IDU) by the master
public key to check the validity of the card identification
number. In other words, when the user reports the loss of the
IC card 6 to the management center 4, the latter registers
the card identification number of that IC card 6 in a black
list in the IC card terminal 2 by download. The IC card
terminal 2 matches the card identification number IDU with
those in the black list when the IC card 6 is inserted
thereinto. If the card identification number of the inserted
IC card 6 matches any one of the identification numbers
registered in the black list, then the IC card 6 can be
inhibited from use.

With a system configuration in which date information is
prestored in the EEPROM 64 of the IC card 6 and sent to the
IC card terminal 2 together with the card identification
number IDU when the IC card 6 is inserted thereinto and
compared with a calendar incorporated in the IC card terminal
2 to judge whether the IC card 6 can be used or not, it is
possible to employ the IC card 6 as a card of a limited term
of validity.

By storing algorithms for encryption of transmission data and
common keys for encryption and decryption in both of the IC
card 6 and the IC card terminal 2, the communication between
them can be made as a cipher communication, providing
increased security.

As will be seen from the above, in the case of employing the
IC card 6 and the IC card terminal 2 in the embodiments of
Figs. 13 through 16, the IC card 6 and the IC card terminal 2
mutually verify their validity and the validity of the user
is verified by the IC card 6 through the IC card terminal 2;
this eliminates the need of accessing the management center
having a database concerning user information when receiving
a service or setting a password, and hence permits easy
system configuration. Since there is no need of accessing the
management center, the verification time can be reduced and
the operability of the system is increased. Moreover, since
the identification number is verified on the basis of the
digital signature created by use of the master key that is
known to the management center alone, the digital signature
could never be created using the identification number of
another user, for example. Further, the password cannot be
known from an IC card picked up and the identification number
and the setting number are also unknown; hence, the password
cannot be changed either. It is possible, therefore, to
construct a system of excellent security.

Fig. 17 illustrates a modified form of the IC card system
shown in Fig. 16. The IC card terminal 2 and the IC card 6
are identical in their internal construction with those
depicted in Figs. 2 and 3. In the card information area 6M1
in the EEPROM 64 of the IC card 6 there are prestored, at the
time of issuing the IC card 6, the secret keys pU and qU for
the creation of its digital signature, the public key nU for
verifying the digital signature, the IC card identification
number IDU and the master digital signature SA(nU*IDU) of the
management center 4 for the identification number IDU and the
public key nU. The IC card 6 has the password Nc stored
therein by the process described previously with respect to
Fig. 15 or 17. The identification number IDU of the IC card 6
is prestored in the management center 4. The user inserts the
IC card 6 into the IC card terminal 2 when he is to receive
his desired service. After completion of the service, the
management center 4 performs the charging process for the IC
card 6 used.

When inserted into the IC card reader/writer 11 of the IC
card terminal 2, the IC card 6 sends thereto the pieces of
information nU, IDU and SA(nU*IDU). The IC card terminal 2
verifies the master digital signature SA(nU*IDU) by the
master public key nA and, if it is valid, provides a guidance
on the display 13 to prompt the user to enter the password
Nc.

When the user enters the password Nc' by function buttons 12,
the IC card terminal 2 sends the entered password Nc' and the
random number R, generated by the IC card terminal 2, to the
IC card 6. The IC card 6 matches the received password Nc'
with the password Nc prestored in the memory. When they match
each other, the IC card 6 generates the random number X and
creates the digital signature SU(R*X*Nc) for the random
numbers R and X and the password Nc by use of the secret keys
pU and qU stored in the card information area 6M1 in the
EEPROM 64. The digital signature SU(R*X*Nc) thus created is
transmitted to the IC card terminal 2 together with the
random number R.

The IC card terminal 2 verifies the digital signature
SU(R*X*Nc) by the card public key nU also received from the
IC card 6 and, if the digital signature is valid, then
displays a guidance on the display 13 to prompt the user to
specify the service to be provided. In the case of a
communication service by telephone, the user enters the
telephone number of the other party's telephone (not shown)
by the function buttons 12, after which a call to the other
party's telephone is originated. Upon completion of the call
or communication, the IC card terminal 2 transmits to the IC
card 6 information which is used to deal with a trouble, such
as the service charge V, the data D and the terminal
identification number IDT, and service information
M = (V*D*IDT) which the user wants to make sure afterward.
The IC card 6 stores the service information M in the EEPROM
64 and creates and sends a digital signature SU(M*IDU) for
the service information M and the card identification number
IDU to the IC card terminal 2.

The IC card terminal 2 verifies the digital signature
SU(M*IDU) by the card public key nU and, if valid,
temporarily stores it in the service information area 2M6 of
the memory in the telephone controller 14 together with the
pieces of information IDU, nU and M. The data thus stored in
the service information area 2M6 is transmitted via the
communication network 3 to the management center 4, for
example, every week, or when the amount of data thus stored
reaches a fixed value, or the IC card terminal 2 is polled by
the management center 4. It is also possible to directly
connect portable terminals to the IC card terminal 2 to
receive and send therefrom the digital signature SU(M*IDU) to
the management center 4. The management center 4 further
verifies the digital signature SU(M*IDU) and records the
service information M for each IC card identification number
IDU, which is used for charging purpose or for making various
inquiries.
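The Fig. 17 exchange, and the reason given for Figs. 12 and 15 that fresh random numbers defeat an intercepted signal, can be followed in the added example below, which is not code from the patent. Toy RSA keys stand in for the master and card keys, the length-prefixed field encoding is an added precaution where the page writes only A*B, and the names Card, terminal_authenticate and center_accepts are assumptions.

```python
import hashlib
import hmac
import secrets

E = 65537


def keypair(p: int, q: int):
    """Toy RSA key from secret primes p, q; returns (n, d)."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))


def _h(n: int, *fields) -> int:
    # Length-prefix each field so boundaries are unambiguous when hashing.
    parts = (str(f).encode() for f in fields)
    msg = b"".join(len(s).to_bytes(4, "big") + s for s in parts)
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign(n: int, d: int, *fields) -> int:
    return pow(_h(n, *fields), d, n)


def verify(n: int, sig: int, *fields) -> bool:
    return pow(sig, E, n) == _h(n, *fields)


# Constructed keys (fixed Mersenne primes, no real security).
N_A, D_A = keypair(2**127 - 1, 2**89 - 1)      # management center master key


class Card:
    def __init__(self, idu: str, nc: str):
        self.idu, self._nc = idu, nc
        self.n_u, self._d_u = keypair(2**107 - 1, 2**61 - 1)   # nU and pU, qU
        self.sa = sign(N_A, D_A, self.n_u, idu)  # SA(nU*IDU), written at issue

    def hello(self):
        return self.n_u, self.idu, self.sa

    def respond(self, nc_entered: str, r: int):
        """Return (X, SU(R*X*Nc)), or None as the mismatch notice."""
        if not hmac.compare_digest(nc_entered.encode(), self._nc.encode()):
            return None
        x = secrets.randbelow(2**64)
        return x, sign(self.n_u, self._d_u, r, x, self._nc)

    def sign_service(self, m: str) -> int:
        return sign(self.n_u, self._d_u, m, self.idu)          # SU(M*IDU)


def terminal_authenticate(hello, respond, nc_entered: str) -> str:
    n_u, idu, sa = hello
    if not verify(N_A, sa, n_u, idu):            # master signature by nA
        return "reject: master signature"
    r = secrets.randbelow(2**64)                 # fresh R for every session
    reply = respond(nc_entered, r)
    if reply is None:
        return "reject: password"
    x, su = reply
    if not verify(n_u, su, r, x, nc_entered):    # SU(R*X*Nc) by nU
        return "reject: card signature"
    return "ok"


def center_accepts(n_u: int, idu: str, m: str, su_m: int) -> bool:
    """Management center re-verifies SU(M*IDU) before recording M."""
    return verify(n_u, su_m, m, idu)
```

Because the terminal draws a new R for each session, a reply recorded from an earlier session no longer verifies, and a service record M altered after signing is refused by the center.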

It is possible to provide increased security against wire
tapping through utilization of a method in which the IC card
6 and the IC card terminal 2 both have a specific key for
encrypting and decrypting various pieces of information which
are transmitted and received between the IC card 6 and the IC
card terminal 2. Moreover, by making provision for prestoring
term-of-validity information in the IC card and verifying it
by a clock in the IC card terminal, it is possible to inhibit
the abuse of the IC card after being lost.

With an arrangement wherein the identification number IDC of
the card dispenser 5 which records initial information in the
IC card, the master digital signature SA(IDC) of the
management center 4 for the identification number IDC and the
master public key nA for verifying the signature are
prestored in the IC card at the time of issuing it and these
pieces of information are transmitted to the IC card terminal
2 for verification when the IC card 6 is used, it is possible
to make a check to see if the IC card 6 is a valid one issued
from the valid IC card dispenser.

While in the above embodiments the user en- 
ters the password into the IC card terminal with a 
view to preventing the abuse of a lost IC card, the 
password may be omitted according to services or 
in accordance with user's wishes. In this instance, 
the process shown in Fig. 17 is performed without 
using the password Nc. 

For example, in the transmission of the pieces 
of data nU, IDU and SA(nU*IDU) to the manage- 
ment center 4, if the amount of data only by 
nU*IDU is insufficient to prevent abuse, it is possi- 
ble, in practice, that data C, which is not needed in 
particular, is added to provide a sufficient amount 
of data nU, IDU, C and SA(nU*IDU*C). 

Thus, according to the embodiment of Fig. 17, 
since the information for specifying the IC card 
appended with the digital signature of the manage- 
ment center 4 can be verified at the IC card termi- 
nal, the management center 4 having a database 
concerning IC cards need not be accessed before 
receiving services and the use of an invalid IC card 
can be prevented. Moreover, the service informa- 
tion such as the service charge to be paid or the 
history of use which is used in the case of a 
trouble or used as a reference by the user is 
appended with the digital signature of the IC card 
and transmitted to the IC card terminal, from which 
the service information appended with the digital 
signature is transmitted to a charging center for 
storage therein. The service information thus stored 
in the center can be used as evidence in the case 
of dealing with a trouble. 

It will be apparent that many modifications and 
variations may be effected without departing from 
the scope of the novel concepts of the present 
invention. 
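
The checks the description relies on, as an added example that is not code from the patent: the terminal verifies SA1 with only the master public key nA (no access to the management center), and the remaining-value signatures SU and ST are bound to the random numbers R and X as in claim 3, so an old signed balance cannot be written back in a later session. Textbook RSA over SHA-256 with a fixed exponent stands in for the patent's signature scheme, which this section does not specify; the Mersenne-prime keys, the IDU/IDT values and all class and function names are constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # assumed fixed public exponent, so a public key is just the modulus n


def digest(n, *fields):
    """Hash the signed fields (e.g. V, R, X) to an integer below n."""
    data = "|".join(str(f) for f in fields).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


class KeyPair:
    """Secret primes p and q, public modulus n = p*q (stand-in scheme)."""

    def __init__(self, p, q):
        self.n = p * q
        self._d = pow(E, -1, (p - 1) * (q - 1))

    def sign(self, *fields):
        return pow(digest(self.n, *fields), self._d, self.n)


def verify(n, sig, *fields):
    return pow(sig, E, n) == digest(n, *fields)


# Constructed toy keys built from Mersenne primes: readable, not secure.
MASTER = KeyPair(2**521 - 1, 2**607 - 1)   # pA, qA -> nA (management center)
CARD_KEY = KeyPair(2**89 - 1, 2**127 - 1)  # pU, qU -> nU
TERM_KEY = KeyPair(2**61 - 1, 2**107 - 1)  # pT, qT -> nT


class Card:
    def __init__(self, idu, value):
        self.nA, self.key, self.idu, self.value = MASTER.n, CARD_KEY, idu, value
        self.sa1 = MASTER.sign(self.key.n, idu)  # SA1 over nU and IDU, written at issue

    def hello(self):
        return self.key.n, self.idu, self.sa1

    def present_value(self, nT, idt, sa2, r):
        if not verify(self.nA, sa2, nT, idt):
            raise ValueError("SA2 invalid: terminal not certified by the center")
        self.nT, self.r, self.x = nT, r, secrets.randbits(64)
        return self.value, self.x, self.key.sign(self.value, r, self.x)  # V, X, SU

    def accept_update(self, new_value, st):
        # ST must cover the new value AND this session's R and X.
        if not verify(self.nT, st, new_value, self.r, self.x):
            return False
        self.value = new_value
        return True


class Terminal:
    def __init__(self, idt):
        self.nA, self.key, self.idt = MASTER.n, TERM_KEY, idt
        self.sa2 = MASTER.sign(self.key.n, idt)  # SA2 over nT and IDT

    def challenge(self, nU, idu, sa1):
        # Offline check: only nA is needed, no call to the management center.
        if not verify(self.nA, sa1, nU, idu):
            raise ValueError("SA1 invalid: card not issued by the center")
        self.nU, self.r = nU, secrets.randbits(64)
        return self.key.n, self.idt, self.sa2, self.r

    def settle(self, value, x, su, charge):
        if not verify(self.nU, su, value, self.r, x):
            raise ValueError("SU invalid: remaining value not signed by this card")
        if value < charge:
            raise ValueError("remaining value too small for the service")
        new_value = value - charge
        return new_value, self.key.sign(new_value, self.r, x)  # updated value, ST


def run_session(card, terminal, charge):
    value, x, su = card.present_value(*terminal.challenge(*card.hello()))
    new_value, st = terminal.settle(value, x, su, charge)
    if not card.accept_update(new_value, st):
        raise RuntimeError("card rejected a genuine terminal signature")
    return new_value, st


def demo():
    card, term = Card(idu=1001, value=1000), Terminal(idt=77)
    old_value, old_st = run_session(card, term, 100)  # 1000 -> 900
    run_session(card, term, 300)                      # 900 -> 600
    # A new session is opened, then the old (900, ST) pair is presented again.
    card.present_value(*term.challenge(*card.hello()))
    replay_accepted = card.accept_update(old_value, old_st)
    # A card identification number that was altered no longer matches SA1.
    nU, idu, sa1 = card.hello()
    try:
        term.challenge(nU, idu + 1, sa1)
        forged_rejected = False
    except ValueError:
        forged_rejected = True
    return {"balance": card.value, "replay_accepted": replay_accepted,
            "forged_sa1_rejected": forged_rejected}


if __name__ == "__main__":
    print(demo())
```
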

Claims 

1. A method for the settlement of charges by an 
IC card wherein said IC card has card informa- 
tion memory means in which there are written 
from a management center a master public 
key nA for verifying a master digital signature 
SA created by said management center by use 
of master keys pA and qA, card secret keys 
pU and qU for creating a digital signature by 
said IC card, a card public key nU for verifying 
said digital signature of said IC card, a card 
identification number IDU and a first master 
digital signature SA1 created by use of said 
master keys for information including said card 
identification number IDU, and an IC card ter- 
minal has terminal information memory means 
in which there are written from said manage- 
ment center said master public key nA, termi- 
nal secret keys pT and qT for creating a digital 
signature by said IC card terminal, a terminal 
public key nT for verifying said digital signa- 
ture of said IC card terminal, a terminal iden- 
tification number IDT and a second master 
digital signature SA2 created by use of said 
master keys pA and qA for information includ- 
ing said terminal identification number IDT, 
and wherein said IC card is issued from said 
management center via an IC card dispenser 
and used to receive a service at said IC card 
terminal and settle the charge therefor, said 
method comprising: 

a step wherein said IC card transmits said 
card public key nU, said card identification 
number IDU and said first master digital signa- 
ture SA1 to said IC card terminal; 

a step wherein said IC card terminal veri- 
fies said first master digital signature SA1 and, 
if it is valid, transmits said terminal public key 
nT, said terminal identification number IDT and 
said second master digital signature to said IC 
card; 

a step wherein said IC card verifies said 
second master digital signature SA2 and, if it is 
valid, transmits information corresponding to 
the current remaining value V to said IC card 
terminal; 

a step wherein said IC card terminal 
makes a check to see if said information cor- 
responding to said current remaining value V is 
appropriate and, if it is appropriate, becomes 
enabled for providing a service; 

a step wherein, after completion of said 
service, said IC card terminal creates an up- 
dated remaining value V and generates a ter- 
minal digital signature ST for information in- 
cluding said updated new remaining value and 
then transmits said terminal digital signature 
ST to said IC card together with said updated 
remaining value V; and 

a step wherein said IC card verifies said 
terminal digital signature ST. 



2. The method of claim 1, wherein said step of 
transmitting said information corresponding to 
said current remaining value V of said IC card 
is a step wherein said IC card creates a digital 
signature for information including said current 
remaining value V and transmits it to said IC 
card terminal together with said current re- 
maining value V and said card public key nU, 
and said step of checking said remaining value 
by said IC card terminal is a step wherein said 
IC card terminal verifies said digital signature 
of said IC card and, if valid, becomes enabled 
for providing said service. 

3. The method of claim 2, which includes a step 
wherein when it is verified at said IC card 
terminal that said first master digital signature 
SA1 is valid, said IC card terminal generates a 
random number R and transmits it to said IC 
card; and 

wherein said step of creating said digital 
signature of said IC card is a step wherein 
when it is verified that said second master 
digital signature is valid, said IC card gen- 
erates a random number X and creates a digi- 
tal signature for information including said re- 
maining value V and said random numbers R 
and X, as said digital signature SU for informa- 
tion including said remainder value V; and 

wherein said step of creating said terminal 
digital signature of said IC card terminal is a 
step wherein said IC card terminal creates a 
digital signature for information including said 
updated remaining value V and said random 
numbers R and X, as said digital signature ST 
for information including said updated remain- 
der value V. 

4. The method of claim 1, wherein said IC card 
has usage information memory means, and 
which further includes a step wherein after 
completion of said service said IC card up- 
dates the contents of said usage information 
memory means with whole information re- 
ceived from said IC card terminal. 

5. The method of claim 1, wherein said IC card 
terminal has usage/management memory 
means, and which further includes: a step 
wherein after completion of said service said 
IC card terminal generates usage/management 
information from information including at least 
said remaining value V and said card iden- 
tification number IDU received from said IC 
card prior to the start of said service and writes 
said usage/management information into said 
usage/management memory means; and a 
step wherein said IC card terminal transmits 
said usage/management information stored in 
said usage/management memory means to 
said management center when a predeter- 
mined condition is satisfied. 


6. The method of claim 1, 2, 3, or 4, wherein said 
IC card terminal has a list of invalid card 
identification numbers provided from said man- 
agement center, and which further includes a 
step wherein when having received said card 
identification number IDU from said IC card, 
said IC card terminal matches said card iden- 
tification number with all of said invalid card 
identification numbers and, if said card iden- 
tification number IDU matches any one of said 
invalid card identification numbers, said IC 
card terminal judges that said IC card is in- 
valid, then discontinues processing. 

7. The method of claim 6, wherein said IC card 
terminal has usage/management memory 
means and said management center has a 
database, and which further includes: a step 
wherein after completion of said service said 
IC card terminal generates usage/management 
information from information including at least 
said remaining value V and said card iden- 
tification number IDU received from said IC 
card prior to the start of said service and writes 
said usage/management information in said us- 
age/management memory means; a step 
wherein said IC card terminal transmits said 
usage/management information stored in said 
usage/management memory means to said 
management center when a predetermined 
condition is satisfied or in response to a re- 
quest from said management center; and a 
step wherein said management center matches 
said received usage/management information 
with usage/management information prestored 
in said database and, if they match each other, 
transmits said card identification number IDU 
of said usage/management information as an 
invalid card identification number to each IC 
card terminal for addition to said list therein, 
and when no match is found, said manage- 
ment center adds said received us- 
age/management information to said database. 

8. The method of claim 4, wherein said IC card 
terminal has, as a troubled terminal list, trou- 
bled terminal identification numbers, initial val- 
ues of a time stamp and the number of its 
updates both corresponding to said troubled 
terminal numbers, provided from said manage- 
ment center, and the previous card usage in- 
formation held in said usage information mem- 
ory means of said IC card includes the pre- 
vious terminal identification number, a time 
stamp digital signature created by the pre- 
viously used IC card terminal for information 
including a time stamp by use of its terminal 
secret keys and the previous number of up- 
dates, said method further including: 

a step wherein said IC card terminal up- 
dates and generates a time stamp TS at de- 
sired time intervals from a time stamp initial 
value provided from said management center 
with a predetermined recursive algorithm and 
updates the number of updates and transmits 
said number of updates to said management 
center for each update; a step wherein prior to 
the start of said service said IC card terminal 
receives from said IC card the previous termi- 
nal identification number, a digital signature for 
information including said previous time stamp 
and said previous number of updates and 
makes a check to see if said received previous 
terminal identification number matches any 
one of said troubled terminal identification 
numbers in said list; a step wherein when said 
received previous terminal identification num- 
ber is found in said troubled terminal number 
list, said IC card terminal updates said time 
stamp from said time stamp initial value by a 
number of times equal to said previous num- 
ber of updates in accordance with said al- 
gorithm to obtain a pseudo-current time stamp; 
a step wherein said IC card terminal verifies a 
digital signature of said time stamp by said 
pseudo-current time stamp and said terminal 
public key nT; and a step wherein when it is 
verified that said digital signature of said time 
stamp is valid, said IC card terminal compares 
said received number of updates with the num- 
ber of updates read out of said memory means 
and, when the latter is smaller than the former, 
said IC card terminal judges that said IC card 
is invalid and discontinues processing, and 
when the latter is not smaller than the former, 
said IC card terminal judges that said IC card is 
valid, and, after providing said service, creates 
a time stamp digital signature for information 
including said current time stamp and trans- 
mits it to said IC card. 

9. The method of claim 8, wherein said manage- 
ment center has a database for managing all 
terminal identification numbers, all the stamp 
initial values and all numbers of updates, and 
which further includes a step wherein upon 
receiving said terminal identification number 
and said number of updates from said IC card 
terminal, said management center uses said 
received number of updates to re-write the 
number of updates of the corresponding termi- 
nal identification number in said database. 

10. A method of creating an IC card, comprising: 
a step wherein an IC card dispenser trans- 
mits, to said IC card, card information includ- 
ing: a master public key nA for verifying a 
master digital signature created by a manage- 
ment center; card secret keys pU and qU for 
creating a digital signature by said IC card; a 
card public key nU for verifying said digital 
signature of said IC card; a card identification 
number IDU; and a first master digital signa- 
ture SA1 created by said management center 
for information including said card public key 
nU and the card identification number IDU; 

a step wherein said IC card verifies said 
first master digital signature SA1 and, if valid, 
writes said card information into card informa- 
tion memory means; 

a step wherein said IC card reads out said 
card public key nU, said card identification 
number IDU and said first master digital signa- 
ture SA1 from said card information memory 
means and transmits them to said IC card 
dispenser; 

a step wherein said IC card dispenser veri- 
fies said first master digital signature and, if 
valid, transmits, to said IC card, an amount 
value V created by said management center 
and a third master digital signature SA3 for 
information including said value V and said card iden- 
tification number IDU; and 

a step wherein said IC card verifies said 
third master digital signature SA3 and, if valid, 
writes information including said value V and 
said third master digital signature SA3, as ini- 
tial data of card usage information, into usage 
information memory means. 

11. The method of claim 10, which further in- 
cludes: 

a step wherein said IC card dispenser veri- 
fies said first master digital signature SA1 and, 
if valid, generates and transmits a random num- 
ber Y to said IC card; 

a step wherein said IC card generates a 
random number X and creates a digital signa- 
ture SU for information including said value V 
and said random numbers X and Y and then 
transmits said digital signature SU to said IC card 
dispenser together with said random number 
X; 

a step wherein said IC card dispenser veri- 
fies said digital signature SU and, if valid, 
transmits said random numbers X and Y, said 
value V and said card identification number 
IDU to said management center; 

a step wherein said management center 
creates, as said master digital signature SA3, a 
digital signature for information including said 
random numbers X and Y, said value V and 
said card identification number IDU and trans- 
mits said digital signature to said IC card via 
said IC card dispenser; and 

a step wherein said IC card writes said 
third master digital signature, as said card us- 
age information, into said usage information 
memory means together with said value V and 
said random numbers X and Y. 

12. The method of claim 10 or 11, wherein said IC 
card has prestored therein an encrypting key 
KU produced by said management center from 
said identification number IDU by use of a 
master key KA at the time of writing said card 
identification number IDU, and when receiving 
said card identification number IDU, said man- 
agement center creates said encrypting key 
KU by use of said master key KA and trans- 
mits said encrypting key KU to said IC card 
dispenser, and wherein transmission and re- 
ception between said IC card, said manage- 
ment center and said IC card dispenser is 
conducted using said encrypting key. 

13. A password registration method for an IC card, 
wherein said IC card has card information 
memory means wherein there are written, as 
card information, from a management center a 
card identification number IDU, a predeter- 
mined setting number Ns, a fourth master digi- 
tal signature SA4 for said setting number Ns, 
and a fifth master digital signature SA5 for 
information including said card identification 
number IDU and said fourth master digital sig- 
nature SA4, and wherein an IC card terminal 
has terminal information memory means 
wherein there are written, as terminal informa- 
tion, from said management center a master 
public key nA for verifying a master digital 
signature, terminal secret keys pT and qT for 
creating a digital signature by said IC card 
terminal and a terminal public key nT for veri- 
fying said terminal digital signature; said meth- 
od comprising: 

a step wherein said IC card transmits said 
card identification number IDU and said fourth 
and fifth master digital signatures SA4 and 
SA5 to said IC card terminal; 

a step wherein said IC card terminal veri- 
fies said fifth master digital signature SA5 and, 
if valid, becomes enabled for password reg- 
istration processing and transmits a setting 
number Ns' to said IC card when it is entered; 

a step wherein said IC card transmits an 
authentication signal to said IC card terminal 
when said setting number Ns' received from 
said IC card terminal matches said setting 
number Ns in said card information memory 
means; 

a step wherein upon receiving said authen- 
tication signal, said IC card terminal becomes 
enabled for entering of password and creates a 
terminal digital signature ST for information 
including an entered password Nc and trans- 
mits said terminal digital signature ST to said IC 
card together with said password Nc and said 
terminal public key nT; and 

a step wherein said IC card verifies said 
terminal digital signature ST and, if valid, 
writes said password Nc into password mem- 
ory means. 

14. The method of claim 13, wherein said IC card 
has card secret keys pU and qU for digital 
signature creating use and a card public key 
nU prestored in said card information memory 
means from said management center, and 
which further includes: 

a step wherein when said password Nc is 
entered, said IC card terminal generates a ran- 
dom number R and transmits it to said IC card; 

a step wherein upon receiving said random 
number R, said IC card generates a random 
number X and creates a card digital signature 
SU for information including said random num- 
bers R and X and transmits said digital signa- 
ture SU to said IC card terminal together with 
said random number X and said card public 
key nU; and 

a step wherein said IC card terminal veri- 
fies said card digital signature SU and, if valid, 
creates a terminal digital signature for informa- 
tion including said random numbers R and X 
and said password Nc and sends it as a digital 
signature including said password Nc. 

15. A method for the settlement of charges by an 
IC card, wherein said IC card has card in- 
formation memory means wherein there are writ- 
ten, as card information, from a management 
center a card identification number IDU, a pre- 
determined setting number Ns, a fourth master 
digital signature SA4 for said setting number 
Ns and a fifth master digital signature SA5 for 
information including said card identification 
number IDU and said fourth master digital sig- 
nature SA4, and wherein an IC card terminal 
has terminal information memory means 
wherein there are written, as terminal informa- 
tion, from said management center a master 
public key nA for verifying a master digital 
signature, terminal secret keys pT and qT for 
the creation of a terminal digital signature and 
a terminal public key nT for verifying said 
terminal digital signature; said method com- 
prising: 

a step wherein said IC card transmits said 
card identification number IDU and said fourth 
and fifth master digital signatures to said IC 
card terminal; 

a step wherein said IC card terminal veri- 
fies said fifth master digital signature SA5 and, 
if valid, instructs the entering of a password 
and transmits a password Nc' to said IC card 
when it is entered; 

a step wherein said IC card matches said 
password Nc' with said password Nc in said 
card information memory means and, if they 
match, transmits an authentication signal to 
said IC card terminal; and 

a step wherein upon receiving said authen- 
tication signal, said IC card terminal becomes 
enabled for providing a service and, after com- 
pletion of said service, records information in- 
cluding an amount value V for said service and 
said received card identification number IDU, 
as usage/management information, in us- 
age/management memory means. 

16. The method of claim 15, wherein said IC card 
has card secret keys pU and qU for the cre- 
ation of a digital signature and a card public 
key nU prestored in said card information 
memory means from said management center; 
and which further includes: 

a step wherein when said password Nc is 
entered, said IC card terminal generates and 
transmits a random number R to said IC card; 

a step wherein upon receiving said random 
number R, said IC card generates a random 
number X and creates a card digital signature 
SU for information including said random num- 
bers R and X and transmits it to said IC card 
terminal together with said random number X 
and said card public key nU; and 

a step wherein said IC card terminal veri- 
fies said card digital signature SU and, if valid, 
becomes enabled for providing a service, on 
the assumption that it has received said au- 
thentication signal. 

17. An IC card terminal comprising: 

a memory wherein there are prestored a 
master public key nA for verifying a digital 
signature, terminal secret keys pT and qT for 
the creation of a terminal digital signature, a 
terminal identification number IDT, a terminal 
public key nT for verifying said terminal digital 
signature, and a second master digital signa- 
ture SA2 for information including said terminal 
identification IDT and said terminal public key 
nT; 

means for verifying a first master digital 
signature SA1, received from an IC card, by 
said public key nA and for transmitting an 
authentication notice to said IC card when said 
first master digital signature SA1 is valid; 

means whereby a digital signature SU of 
said IC card for information including an 
amount value V and a card identification num- 
ber IDU, received from said IC card, is verified 
by a card public key nU and a service is 
initiated when said amount value V is valid and 
sufficiently large; 

means whereby upon completion of said 
service, the charge for said service is sub- 
tracted from said amount value V to obtain a 
remainder value NT and a digital signature ST 
by said terminal key for information including 
the remaining value V and said card identifica- 
tion number IDU; and 

means for transmitting said digital signa- 
tures ST, said remaining value V, said second 
master digital signature SA2, said terminal 
public key nT and said terminal identification 
number IDT to said IC card. 

18. An IC card comprising: 

a memory wherein there are prestored a 
master public key nA, a card secret key pU 
and qU for the creation of a digital signature of 
said IC card, a card identification number IDU, 
a card public key nU for verifying said digital 
signature of said IC card, a first master digital 
signature SA1 by said master key for informa- 
tion including said identification number IDU 
and said card public key nU, amount value 
information V, and a third master digital signa- 
ture SA3 by said master key for information 
including said amount value information V and 
said card identification number IDU; 

means which transmits said public key nU, 
said card identification number IDU and said 
first master digital signature SA1 to said IC 
card terminal upon insertion thereinto of said 
IC card; 

means for creating a digital signature SU 
by said card secret key for information includ- 
ing said amount value information V; 

means for transmitting said amount value 
information V and said digital signature SU to 
said IC card terminal upon receiving an au- 
thentication notice from said IC card terminal; 
and 

means for verifying received second mas- 
ter digital signatures SA2 and ST by said pub- 
lic keys nA and nT, respectively, and stores 
amount value information V in said memory 
when said second master digital signatures 
SA2 and ST are valid. 

19. An IC card terminal comprising: 

a memory having stored therein a terminal 
identification number for specifying said IC 
card terminal; 

a memory for storing card identification 
numbers as a card identification number list; 
means for matching the card identification 
number received from an IC card with data in 
said identification number list and for initiating 
a service if amount value information received 
from said IC card is sufficient when said card 
identification number received from said IC 
card does not match any one of said card identification 
numbers in said list; 

means for transmitting said terminal iden- 
tification number to said IC card together with 
new amount value information after completion 
of said service; 

means whereby only in the case of trans- 
mitting said new amount value information to 
said IC card, usage/management information is 
created from previous usage information in- 
cluding amount value information, the card 
identification number and the terminal iden- 
tification number, received from said IC card 
prior to the start of said service; 

means for transmitting said us- 
age/management information to a management 
center together with said card identification 
number; and 

means whereby card identification num- 
bers received from said management center 
are additionally registered in said card iden- 
tification number list. 

20. An IC prepaid card system comprising: 

an IC card including: usage information 
memory means for storing a card identification 
number identifying said IC card and previous 
usage information including amount value in- 
formation; means for transmitting said card identification 
number, said amount value information and 
said previous usage information to an IC card 
terminal; and means for receiving new amount 
value information and usage information includ- 
ing a terminal identification number from said 
IC card terminal and for storing them in said 
usage information memory means; 

said IC card terminal of claim 19; and 
a management center which has a 
database for storing usage/management infor- 
mation for each IC card identification number 
and means whereby the card identification 
number and usage/management information 
received from said IC card terminal are 
matched with card identification numbers and 
usage/management information registered in 
said database and, when they do not match 
each other, said card identification number and 
usage/management information from said IC 
card terminal are additionally registered in said 
database, whereas when they match, identified 
identification number is transmitted to IC card ter- 
minals. 

21. The IC prepaid card system of claim 20, 
wherein at least one of said IC card and said 
IC card terminal has random generating 
means, said usage information containing a 
random number generated by said random 
generating means. 

22. An IC card terminal comprising: 

means for updating a time stamp at proper 
intervals by a predetermined algorithm; 

means which upon each updating of said 
time stamp, transmits update information re- 
presenting the number of updates to a man- 
agement center; 

a memory wherein there are stored a ter- 
minal identification number for specifying a 
terminal, said time stamp, said update informa- 
tion, a terminal secret key for creating a digital 
signature and a public key for verifying said 
digital signature; 

a memory wherein a terminal identification 
number, a time stamp initial value and update 
information received from said management 
center are recorded as a terminal list; 

means whereby a terminal identification 
number received from an IC card is matched 
with said terminal identification numbers in 
said terminal list, and when the former match- 
es any one of the latter, the time stamp initial 
value in said terminal list is updated by said 
predetermined algorithm in accordance with 
update information received from said IC card, 
and a digital signature received from said IC 
card is verified by said updated time stamp 
and a public key received from said IC card, 
and when said digital signature is valid, said 
received update information is matched with 
update information of said previously matched 
terminal number in said terminal list, thereby 
judging the time when said IC card was used at 
said IC card terminal of said received terminal 
identification number; 

means for digitally signing said update 
time stamp by use of said terminal secret key; 
and 

means for transmitting the terminal iden- 
tification number for specifying said IC card 
terminal, said update information, said public 
key and said digital signature to said IC card. 



23. An IC card system comprising: 

said IC card terminal of claim 22; 
an IC card having a memory wherein the 
terminal identification number, update informa- 
tion, a public key and a digital signature for a 
time stamp received from said IC card terminal 
are stored, and means whereby when said IC 
card is inserted into an IC card terminal, said 
terminal identification number, said update in- 
formation, said public key and said digital sig- 
nature for time stamp in said memory are 
transmitted to said IC card terminal; and 

a management center which has a 
database for managing the terminal identifica- 
tion number of each IC card terminal, an initial 
value of the time stamp and update informa- 
tion, means whereby update information re- 
ceived from said IC card terminal is replaced 
for update information of the corresponding 
terminal identification number in said database, 
and means whereby a selected set of terminal 
identification number, time stamp initial value 
and update information in said database are 
transmitted to every IC card terminal. 

24. An IC credit card comprising: 

a memory for storing an identification 
number IDU for specifying a user, a password 
setting number Ns, a digital signature SA by a 
master key for information including said iden- 
tification number IDU and a password Nc; 

means for transmitting said identification 
number IDU and said digital signature SA to an 
IC card terminal; 

means whereby a password setting num- 
ber Ns' received from said IC card terminal is 
matched with said password setting number 
Ns stored in said memory, and when they 
match each other, a first authentication notice 
is transmitted to said IC card terminal; 

means whereby at the time of registering a 
password, a password Nc, a digital signature 
ST by said IC card terminal for information 
including said password Nc and a terminal 
public key nT of said IC card terminal are 
received from said IC card terminal and said 
received digital signature ST is verified by said 
terminal public key nT and only when said 
digital signature ST is valid, said received 
password Nc is recorded in said memory; and 

means whereby prior to the start of a 
service a password Nc' received from said IC 
card terminal is matched with said password 
Nc stored in said memory and, when they 
match, a second authentication notice is trans- 
mitted to said IC card terminal. 

25. An IC card terminal comprising: 

a memory wherein there are stored a mas- 
ter public key nA and a terminal public key nT 
for verifying a digital signature SA and terminal 
secret keys pT and qT for creating a terminal 
digital signature; 

means which verifies a digital signature SA 
received from an IC card, by said public key 
nA and. If an identification number IDU re- 
ceived from said IC card is valid, enables the 
registration or entering of a password; 

means whereby when the registration of a 
password is chosen, an identification number 
IDU' entered from input means is matched with 
said identification number IDU received from 
said IC card and when they match, the input of 
password setting number is instructed; 

means for transmitting to said IC card a 
password setting number Ns' entered from 
said input means; 

means which, when having received a first 
authentication notice from said IC card, creates 
a digital signature ST by said terminal secret 
keys pT and qT for information Including a 
password Nc entered from said input means; 

means for transmitting said password Nc, 
said digital signature ST and said terminal 
public key nT to said IC card; 

means which, when the input of a pass- 
word is chosen, transmits a password Nc' en- 
tered from said input means to said IC card; 
and 

means for permitting a service when hav- 
ing received a second authentication notice 
from said IC card. 
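The password registration exchange of claims 24 and 25, sketched as an added example that is not part of the patent text: the terminal checks SA under nA, the card checks Ns' and then records Nc only when ST verifies under nT. Textbook RSA over small Mersenne primes stands in for the unspecified signature scheme; the identifiers, passwords, the coverage of SA (IDU only) and the card's requirement that the Ns check precede registration are all assumptions of this sketch.

```python
import hashlib
import hmac

E = 65537  # assumed public exponent; the claims name no signature scheme

def keygen(p, q):                      # toy textbook RSA: returns (n, d)
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(n, *fields):
    h = hashlib.sha256("|".join(fields).encode()).digest()
    return int.from_bytes(h, "big") % n

def sign(n, d, *fields):
    return pow(digest(n, *fields), d, n)
def verify(n, sig, *fields):
    return pow(sig, E, n) == digest(n, *fields)

class Card:
    def __init__(self, idu, ns, sa):
        self.idu, self.ns, self.sa, self.nc, self.ns_ok = idu, ns, sa, None, False
    def check_setting_number(self, ns_in):    # True = first authentication notice
        self.ns_ok = hmac.compare_digest(ns_in, self.ns)
        return self.ns_ok
    def register(self, nc, st, n_t):          # record Nc only if ST verifies under nT
        if not (self.ns_ok and verify(n_t, st, nc)):   # ns_ok gate: assumption
            return False
        self.nc, self.ns_ok = nc, False
        return True
    def check_password(self, nc_in):          # True = second authentication notice
        return self.nc is not None and hmac.compare_digest(nc_in, self.nc)

class Terminal:
    def __init__(self, n_a, p_t, q_t):
        self.n_a, (self.n_t, self._d) = n_a, keygen(p_t, q_t)
    def card_is_genuine(self, idu, sa):       # verify SA with master public key nA
        return verify(self.n_a, sa, idu)
    def signed_password(self, nc):            # (Nc, ST, nT) as sent to the card
        return nc, sign(self.n_t, self._d, nc), self.n_t

def run_session():
    n_a, d_a = keygen(2**61 - 1, 2**107 - 1)          # constructed master key
    card = Card("IDU-0001", "4711", sign(n_a, d_a, "IDU-0001"))
    term = Terminal(n_a, 2**89 - 1, 2**127 - 1)       # constructed terminal key
    sa_ok = term.card_is_genuine(card.idu, card.sa)
    ns_ok = card.check_setting_number("4711")         # Ns' typed at the terminal
    nc, st, n_t = term.signed_password("2468")
    tampered = card.register("1357", st, n_t)         # Nc altered in transit
    registered = card.register(nc, st, n_t)
    return sa_ok, ns_ok, tampered, registered, card.check_password("2468")
```

The tampered registration is rejected because ST was computed over the original Nc, so a password changed between terminal and card never reaches the card's memory.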



26. An IC card system comprising:

an IC card including: means for generating a random number X; means for creating an IC card digital signature SU1 for information including a random number R received from an IC card terminal and said random number R; means whereby a master digital signature SA created by a management center for information including a public key nU of said IC card and a card identification IDU, said random number, said digital signature SU1, said public key nU and said card identification number IDU are transmitted to said IC card terminal; means for creating an IC card digital signature SU2 for information including service information M including a service charge, received from said IC card terminal, and said card identification number IDU; and means for transmitting said digital signature SU2 to said IC card terminal; and

an IC card terminal which has means for receiving and verifying said digital signatures SU1 and SA, means for creating and transmitting said service information M to said IC card, and means for receiving said digital signature SU2.

27. The IC card system of claim 26, wherein said IC card terminal includes means whereby a password Nc entered by a user is transmitted to said IC card, and said IC card includes means whereby said password Nc' received from said IC card terminal is matched with a password Nc prestored in a memory to thereby verify said password Nc.